AuthBreach

AuthBreach is a web app + CLI that continuously security-tests authentication and authorization flows in staging and production-like environments. It focuses on the failures teams actually ship: broken access control, IDOR, privilege escalation, weak session handling, JWT misconfigurations, OAuth/OIDC edge cases, and multi-tenant data leaks. You point it at your app (OpenAPI/GraphQL schema + a few recorded login flows), and it generates targeted test cases, runs them in CI, and produces developer-friendly proof-of-exploit reports with exact requests, replay scripts, and suggested fixes. It’s not a generic “scan everything” tool; it’s a narrow, repeatable harness for the most expensive class of bugs. Expect some setup friction: auth is messy, and false positives kill trust, so the product must prioritize signal quality and reproducibility over flashy dashboards.