Advanced ATO Testing Scenarios
Account Settings
Add Payment Method
Messaging Features
Testing Information
All forms on this page simulate vulnerable endpoints that can be used for ATO testing:
Account Settings:
- Email change (no verification)
- Address change (no verification)
- 2FA settings (vulnerable toggle)
- KBA settings (weak questions)
Payment Processing:
- Credit card addition
- Simulated success/failure
- No verification checks
Messaging:
- Message sending (no rate limiting)
- Invite sending (vulnerable to spam)
- No content filtering