Testing Policy in Auth0

Auth0 community, nice to greet you. The reason is to check if, based on Auth0 policies, and having a free plan, it is possible to work with tests and studies on the authentication and authorization flows for sample web applications that offer their services (global login, multi-factor authentication and SIWE) from the point of view of cybersecurity and in an educational field at the university level. The project is titled “Study of user digital identity techniques towards Web 3.0” and has an academic orientation and awareness about IAM security in web applications in the transition from Web2 to Web3.
The tools we will use are MITRE Caldera and Burp Suite from Kali Linux, running in local environments. It is also possible that we will explore the Modlishka tool.
It is not intended to make tests or penetration attempts or anything like that against the Auth0 services.

Thank you very much, greetings

Hi @edupiray

Welcome to the Auth0 Community!

I need to check with our team regarding policies for your use case. In the meantime, can you share with me more details regarding the tools that your students will be using?

Regarding the policies themselves, we have two docs pages about that:

Thanks
Dawid

Hello Dawid. Apologies, I wrote in Spanish, I share the answer in English. Thank you very much for your reply. Yes of course. I share with you what you request. The tests are carried out by building Angular or similar sample web applications, to which the authentication services offered by Auth0 are added. These applications run in local environments (localhost) on virtual machines with VirtualBox that have Linux Ubuntu and Kali Linux installed. In other words, this is the test environment: one virtual machine acts as the machine that runs MITRE Caldera and the other virtual machine acts as the victim machine running the web application. It is also possible that a web application will be built on a service like Firebase, and we are also testing the service that Auth0 offers for Web3, SIWE. The students who participate in the project replicate this environment and do their tests to learn about the workflows of the authentication protocols, and draw conclusions and become aware of the importance of security in web systems in regard to Identity Access Management (IAM), to determine how to protect the user’s identity and how to protect systems from unauthorized access. Specifically, the tests are based on the MITRE matrix: the Credential Access tactic is studied, and the aim is to replicate the techniques associated with the aforementioned tactic with the MITRE Caldera tool. They are also trying to do similar tests with the Burp Suite tool that is already installed in the Kali Linux VirtualBox image. Additionally, with the Modlishka tool they try to carry out social engineering tests.
I hope I was able to explain it properly.
A cordial greeting.