🛠️ Account deletion

Theory
Removing an account is a sensitive action that should be taken into consideration.
Practice
Some protection mechanisms should be incorporated:
1.Protection: when deleting an account, the web application should request the user to submit its credentials (it can prevent attacks such CSRF, XSS...).
References
Liberapay disclosed on HackerOne: Insecure Account Deletion
HackerOne
#BugBounty — How I was able to delete anyone’s account in an Online Car Rental Company
Medium

Account creation

🛠️ Logging in

Last modified 1yr ago