1. Introduction

Basic attacks on authentication are sometimes overlooked.

Differences

There is a difference between authentication and authorization (also called access control).

Authentication is who you are: your identity. Authorization, or access control, on the other hand, is what you are allowed to do.

Example

Think of checking into a hotel: you go to the reception desk and show your ID card or driver's license to prove your identity. That is authentication.

Once your identity has been verified, authentication is complete and you receive a key card. The key card gives you access to the facilities you paid for during your stay, and that is authorization, or access control.

We mainly need to look at two things when testing for Authentication or Authorization:

  1. Brute-force attacks: these are something that many development teams underestimate.

  2. Logic issues: these can turn out to be critical and are sometimes missed or overlooked by automated tools.