Authentication bypass

A variety of techniques to circumvent the username/password of a web app
For apps that check pathnames, aliasing can be a problem. Ex: /path/foo vs. /path//foo
When links to certain pages are only presented post-login, some believe this effectively protects them, but it is easy to guess/know the path

A variety of techniques to circumvent the username/password of a web app