{"skill":{"slug":"bookforge-authentication-security-assessment","displayName":"Authentication Security Assessment","summary":"Systematically assess web application authentication mechanisms for design flaws and implementation vulnerabilities. Use this skill whenever: testing the log...","tags":{"appsec":"1.0.0","authentication":"1.0.0","bookforge":"1.0.0","brute-force":"1.0.0","credential-security":"1.0.0","cwe-287":"1.0.0","cwe-307":"1.0.0","cwe-521":"1.0.0","cwe-640":"1.0.0","latest":"1.0.0","login-security":"1.0.0","multifactor-authentication":"1.0.0","owasp":"1.0.0","password-policy":"1.0.0","penetration-testing":"1.0.0","session-management":"1.0.0","user-enumeration":"1.0.0"},"stats":{"comments":0,"downloads":36,"installsAllTime":0,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1777294178486,"updatedAt":1777294906591},"latestVersion":{"version":"1.0.0","createdAt":1777294178486,"changelog":"Initial release of the bookforge-authentication-security-assessment skill.\n\n- Provides systematic assessment of web application authentication mechanisms for design and implementation flaws.\n- Includes guidance for both black-box (behavioral) and white-box (source code) testing.\n- Maps findings to OWASP Testing Guide and relevant CWE categories (287, 521, 307, 640, 312, 522).\n- Defines required context, assessment tasks, input types, and intended audience (penetration testers, security engineers, developers).\n- Outlines supported authentication surfaces: login, password change, account recovery, registration, and multistage mechanisms.\n- Excludes authorization testing, session token analysis, and injection attack assessment.","license":"MIT-0"},"metadata":{"os":null,"systems":null},"owner":{"handle":"quochungto","userId":"s176b6gfk8djgcz320d83ta4e184bx1v","displayName":"Hung Quoc To","image":"https://avatars.githubusercontent.com/u/88069966?v=4"},"moderation":null}