https://appsec.fyi/authn.html Curated Authentication resources from appsec.fyi en-us Fri, 10 Apr 2026 21:32:17 +0000 carl@chs.us (Carl Sampson) https://hackerone.com/reports/861940 https://hackerone.com/reports/861940 Semrush OAuth redirect_uri bypass via IDN homograph — HackerOne #861940 Authentication Fri, 10 Apr 2026 21:22:25 +0000 https://hackerone.com/reports/2575/ https://hackerone.com/reports/2575/ Slack OAuth2 redirect_uri bypass — HackerOne #2575 Authentication Fri, 10 Apr 2026 21:22:25 +0000 https://blog.talosintelligence.com/state-of-the-art-phishing-mfa-bypass/ https://blog.talosintelligence.com/state-of-the-art-phishing-mfa-bypass/ Cisco Talos: State-of-the-art phishing — MFA bypass Authentication Fri, 10 Apr 2026 21:22:24 +0000 https://www.bugcrowd.com/blog/mfa-security-part-1-how-attackers-bypass-multi-factor-authentication/ https://www.bugcrowd.com/blog/mfa-security-part-1-how-attackers-bypass-multi-factor-authentication/ Bugcrowd: How attackers bypass multi-factor authentication (Part 1) Authentication Fri, 10 Apr 2026 21:22:23 +0000 https://www.webauthn.me/passkeys https://www.webauthn.me/passkeys webauthn.me: WebAuthn and Passkeys guide Authentication Fri, 10 Apr 2026 21:22:23 +0000 https://fidoalliance.org/passkeys/ https://fidoalliance.org/passkeys/ FIDO Alliance: Passkeys overview Authentication Fri, 10 Apr 2026 21:22:22 +0000 https://hackmanit.de/en/blog-en/82-xml-signature-validation-bypass-in-simplesamlphp-and-xmlseclibs/ https://hackmanit.de/en/blog-en/82-xml-signature-validation-bypass-in-simplesamlphp-and-xmlseclibs/ Hackmanit: XML Signature Validation Bypass in SimpleSAMLphp and xmlseclibs Authentication Fri, 10 Apr 2026 21:22:21 +0000 https://epi052.gitlab.io/notes-to-self/blog/2019-03-13-how-to-test-saml-a-methodology-part-two/ https://epi052.gitlab.io/notes-to-self/blog/2019-03-13-how-to-test-saml-a-methodology-part-two/ epi052: How to Hunt Bugs in SAML — A Methodology (Part II) Authentication Fri, 10 Apr 2026 21:22:20 +0000 https://www.ibm.com/think/topics/xml-signature-wrapping https://www.ibm.com/think/topics/xml-signature-wrapping IBM: What is XML Signature Wrapping? Authentication Fri, 10 Apr 2026 21:22:20 +0000 https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final91.pdf https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final91.pdf USENIX: On Breaking SAML — Be Whoever You Want to Be Authentication Fri, 10 Apr 2026 21:22:19 +0000 https://astrix.security/learn/blog/part-2-how-attackers-exploit-oauth-a-deep-dive/ https://astrix.security/learn/blog/part-2-how-attackers-exploit-oauth-a-deep-dive/ Astrix Security: How attackers exploit OAuth — a deep dive (Part 2) Authentication Fri, 10 Apr 2026 21:22:18 +0000 https://www.thehacker.recipes/web/config/identity-and-access-management/oauth-2.0 https://www.thehacker.recipes/web/config/identity-and-access-management/oauth-2.0 The Hacker Recipes: OAuth 2.0 Authentication Fri, 10 Apr 2026 21:22:17 +0000 https://blog.securityinnovation.com/pentesters-guide-to-evaluating-oauth-2.0 https://blog.securityinnovation.com/pentesters-guide-to-evaluating-oauth-2.0 Security Innovation: Pentester's Guide to Evaluating OAuth 2.0 Authentication Fri, 10 Apr 2026 21:22:17 +0000 https://0xn3va.gitbook.io/cheat-sheets/web-application/oauth-2.0-vulnerabilities https://0xn3va.gitbook.io/cheat-sheets/web-application/oauth-2.0-vulnerabilities 0xn3va: OAuth 2.0 Vulnerabilities cheat sheet Authentication Fri, 10 Apr 2026 21:22:16 +0000 https://www.cobalt.io/blog/oauth-vulnerabilites-pt.-2 https://www.cobalt.io/blog/oauth-vulnerabilites-pt.-2 Cobalt: OAuth Vulnerabilities Part 2 Authentication Fri, 10 Apr 2026 21:22:15 +0000 https://www.vaadata.com/blog/understanding-oauth-2-0-and-its-common-vulnerabilities/ https://www.vaadata.com/blog/understanding-oauth-2-0-and-its-common-vulnerabilities/ Vaadata: Understanding OAuth 2.0 and its common vulnerabilities Authentication Fri, 10 Apr 2026 21:22:14 +0000 https://blog.doyensec.com/2025/01/30/oauth-common-vulnerabilities.html https://blog.doyensec.com/2025/01/30/oauth-common-vulnerabilities.html Doyensec: Common OAuth Vulnerabilities Authentication Fri, 10 Apr 2026 21:22:14 +0000 https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/03-Testing_for_Session_Fixation https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/03-Testing_for_Session_Fixation OWASP WSTG: Testing for Session Fixation Authentication Fri, 10 Apr 2026 21:22:13 +0000 https://owasp.org/www-community/controls/Session_Fixation_Protection https://owasp.org/www-community/controls/Session_Fixation_Protection OWASP: Session Fixation Protection Authentication Fri, 10 Apr 2026 21:22:12 +0000 https://owasp.org/www-community/attacks/Session_fixation https://owasp.org/www-community/attacks/Session_fixation OWASP: Session fixation attack Authentication Fri, 10 Apr 2026 21:22:11 +0000 https://owasp.org/Top10/2021/A07_2021-Identification_and_Authentication_Failures/ https://owasp.org/Top10/2021/A07_2021-Identification_and_Authentication_Failures/ OWASP Top 10 A07: Identification and Authentication Failures Authentication Fri, 10 Apr 2026 21:22:11 +0000 https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html OWASP Session Management Cheat Sheet Authentication Fri, 10 Apr 2026 21:22:10 +0000 https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html OWASP Authentication Cheat Sheet Authentication Fri, 10 Apr 2026 21:22:09 +0000 https://portswigger.net/research/the-fragile-lock https://portswigger.net/research/the-fragile-lock The Fragile Lock: Novel Bypasses for SAML Authentication | PortSwigger Research Authentication Fri, 10 Apr 2026 21:22:08 +0000 https://portswigger.net/web-security/oauth https://portswigger.net/web-security/oauth PortSwigger: OAuth 2.0 authentication vulnerabilities Authentication Fri, 10 Apr 2026 21:22:08 +0000