spec checked
OWASP WSTG account enumeration testing
Documents how to test registration, login, and recovery flows for account enumeration through differences in messages, redirects, response bodies, response times, and user-specific URLs.
Pattern Decisions This Source Supports
| Pattern | Supported decision | Required contract | Claim note |
|---|---|---|---|
| Account creation | Choose account creation when a persistent account is required for repeated access, saved data, account management, security, authorization, legal accountability, or returning to drafts. | The flow states why the account is needed before asking for credentials. | OWASP WSTG supports testing registration and recovery flows for account-enumeration signals. |
Evidence Role
This source is treated as spec evidence. Use it to validate the decision rules above, not as a visual style reference.
Publisher: OWASP Web Security Testing Guide. Last checked: .