intro_hacking/5-api/walkthrough/users_enumuration.md
2 additions & 1 deletion
@@ -1,4 +1,4 @@
-
###User Enumuration
+
## User Enumuration
User enumeration is a security testing technique used to discover valid usernames or user IDs within an application or system. It's done by observing slight but discernible differences in the system's responses when an attacker attempts to authenticate or interact with different user accounts.
## How User Enumeration Works
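Review bot: the heading on line 1 still misspells the term as `Enumuration`, while the paragraph on line 2 and the sibling heading `## How User Enumeration Works` on line 4 spell it `Enumeration`; since this commit already touches that line to add the missing space after `##` (the reason the old `###User Enumuration` rendered as plain text instead of a heading), fix the spelling in the same change: `## User Enumeration`. The file name `users_enumuration.md` carries the same typo, so a rename in a follow-up would keep the walkthrough's links consistent.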
@@ -25,3 +25,4 @@ The primary mitigation strategy is to ensure **consistent and generic error mess
***Consistent Timing:** Implement **constant-time algorithms** for all password verification steps to prevent timing-based attacks.
***Rate Limiting:** Aggressively limit the rate of login attempts from a single IP address to make large-scale dictionary testing impractical.
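Review bot: the `Consistent Timing` bullet on line 25 prescribes constant-time algorithms for password verification, but the timing leak that enables user enumeration on a login endpoint is usually not the comparison step; it is that a request for a non-existent account skips the expensive password hash entirely and returns measurably faster. The mitigation to state is to always run the hash (against a stored dummy hash when the account does not exist) so both code paths cost the same, with a constant-time comparison as a secondary measure. On line 26, per-IP rate limiting alone is sidestepped by a distributed attacker; suggest adding per-account throttling alongside it. Two smaller points: the hunk header advertises one added line (3 to 4) but no `+` line is visible in this hunk, so confirm the addition is only a trailing newline; and if the file really reads `***Consistent Timing:**` with no space between the list marker `*` and the bold `**`, neither line renders as a bullet, so write `* **Consistent Timing:** ...` and `* **Rate Limiting:** ...`.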