AuthSentry

AuthSentry is a web app (with an optional CLI) that continuously tests your application's authentication and authorization flows the way real attackers do, without requiring a full pentest budget. You point it at staging (or a safe production canary), provide test accounts for each key user role, and list the critical endpoints. The tool then runs scripted and semi-automated checks for common, high-impact issues: broken access control (including IDOR), privilege escalation, session fixation, weak MFA enforcement, token leakage, insecure password-reset flows, and misconfigured OAuth/OIDC. For each finding it produces reproducible proof steps, the HTTP traces behind them, and developer-ready tickets with a severity rating and suggested fixes. It is not magic: it will not find every business-logic bug, and it depends on decent test accounts and parity between the test environment and production. But it will reliably catch the recurring auth mistakes that ship in fast-moving teams and cause the most expensive incidents.
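The core of the check described above is an access matrix: every role is driven against every critical endpoint, and any request that succeeds when the matrix says it should not becomes a finding with a reproduction trace. The following is an added example of that idea and is not AuthSentry's code. It runs offline against a constructed in-process stand-in for the target application (a deliberately vulnerable variant and a hardened one, both hypothetical) so the checker itself can be exercised; the users, orders, and endpoint paths are made-up fixtures.

```python
"""Role/endpoint access-matrix check (hypothetical, added example)."""
from typing import Callable, Dict, List, Tuple

# Constructed fixtures standing in for the application's data.
USERS = {
    "alice": {"id": 1, "role": "user"},
    "bob":   {"id": 2, "role": "user"},
    "carol": {"id": 3, "role": "admin"},
}
ORDERS = {101: {"owner": 1, "total": 42}, 202: {"owner": 2, "total": 7}}

Response = Tuple[int, str]
# An "app" is modelled as (method, path, session_user) -> (status, body).
App = Callable[[str, str, str], Response]


def vulnerable_app(method: str, path: str, user: str) -> Response:
    """Hypothetical app with two classic bugs: /orders/<id> never checks
    ownership (IDOR) and /admin/users never checks the role."""
    if user not in USERS:
        return 401, "login required"
    if path.startswith("/orders/"):
        oid = int(path.rsplit("/", 1)[1])
        order = ORDERS.get(oid)
        return (200, f"order {oid} total={order['total']}") if order else (404, "no such order")
    if path == "/admin/users":
        return 200, ",".join(USERS)
    return 404, "not found"


def hardened_app(method: str, path: str, user: str) -> Response:
    """Same app with the ownership and role checks in place."""
    if user not in USERS:
        return 401, "login required"
    me = USERS[user]
    if path.startswith("/orders/"):
        oid = int(path.rsplit("/", 1)[1])
        order = ORDERS.get(oid)
        if order is None or order["owner"] != me["id"]:
            # Identical response for "missing" and "not yours" so that
            # valid order IDs cannot be enumerated from the error code.
            return 404, "no such order"
        return 200, f"order {oid} total={order['total']}"
    if path == "/admin/users":
        if me["role"] != "admin":
            return 403, "forbidden"
        return 200, ",".join(USERS)
    return 404, "not found"


# The access matrix: which session should succeed (HTTP 200) on which request.
# Anything marked False must be denied; a 200 there is a finding.
CASES = [
    # (session user, method, path, should_succeed, label)
    ("alice", "GET", "/orders/101",  True,  "own order"),
    ("alice", "GET", "/orders/202",  False, "another user's order (IDOR)"),
    ("bob",   "GET", "/orders/202",  True,  "own order"),
    ("alice", "GET", "/admin/users", False, "admin endpoint as plain user (privilege escalation)"),
    ("carol", "GET", "/admin/users", True,  "admin endpoint as admin"),
    ("",      "GET", "/orders/101",  False, "unauthenticated request"),
]


def run_matrix(app: App, cases=CASES) -> List[Dict[str, str]]:
    """Drive every case through the app and return findings with a
    reproduction trace. Unexpected success is high severity; an expected
    success that was denied is reported as info, since it usually means a
    broken test account or an environment-parity problem, not a vuln."""
    findings = []
    for user, method, path, should_succeed, label in cases:
        status, body = app(method, path, user)
        trace = f"{method} {path} (session: {user or 'none'}) -> {status} {body}"
        succeeded = status == 200
        if succeeded and not should_succeed:
            findings.append({"severity": "high", "title": f"{label} was allowed", "repro": trace})
        elif should_succeed and not succeeded:
            findings.append({"severity": "info", "title": f"{label} was denied", "repro": trace})
    return findings


if __name__ == "__main__":
    for name, app in (("vulnerable", vulnerable_app), ("hardened", hardened_app)):
        print(f"== {name} ==")
        for f in run_matrix(app):
            print(f"[{f['severity']}] {f['title']}\n    {f['repro']}")
```

Against a real target the `App` callable would be a thin wrapper around an HTTP client holding one session cookie or bearer token per role; the matrix, the finding format, and the "unexpected success versus unexpected denial" split are the parts that carry over unchanged.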