This repository contains structured observations derived from testing real-world web applications. The focus is on identifying trust boundaries, analyzing system behavior, and documenting security-relevant patterns across authentication, session management, API design, and business logic.
- Session Management Analysis
- Authentication Flow Analysis
- API Behavior & Access Patterns
- Business Logic Observations

Testing focuses on understanding how applications are designed to function and identifying where trust assumptions can be broken.
Rather than relying solely on automated tools, testing emphasizes:
- Observing real application behavior
- Replaying and modifying requests
- Identifying trust boundaries
- Validating assumptions through testing