Security Auditing

Verify password reset and authentication flow vulnerabilities

Automatically test security-critical email flows: password reset, account recovery, email changes. Verify token uniqueness, expiration, reuse prevention, rate limiting, and other OWASP-compliant security requirements.

Why MailBrew for this use case

01

Token security verification

Auto-verify reset token uniqueness, sufficient entropy, and correct expiration.

02

Rate limit testing

Iteratively test that rate limits on password resets and OTP sends function correctly.

03

Account enumeration prevention

Verify identical responses for existing and non-existing email addresses.

04

Automated penetration testing

Integrate into CI/CD to continuously audit authentication flow security requirements.

Sample code

Python (pytest)

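# pytest + MailBrew: Security audit tests
import re

import mailbrew
import pytest
import requests

# Placeholder values: point BASE at the application under test and load the
# real API key from the CI secret store instead of hard-coding it.
BASE = "https://staging.example.test"
client = mailbrew.Client("mb_your_key_here")

class TestPasswordResetSecurity:
    def test_reset_token_is_single_use(self):
        # Disposable inbox for this test run
        addr = client.addresses.create(ttl=300)
        requests.post(f"{BASE}/password/reset", json={"email": addr.address})

        emails = client.addresses.emails(addr.address)
        assert emails, "no reset e-mail received"
        match = re.search(r'token=([a-f0-9]+)', emails[0].text_body)
        assert match, "no reset token found in e-mail body"
        token = match.group(1)

        # First use of the token must succeed
        r1 = requests.post(f"{BASE}/password/update", json={"token": token, "password": "NewPass123!"})
        assert r1.status_code == 200

        # Replaying the same token must be rejected
        r2 = requests.post(f"{BASE}/password/update", json={"token": token, "password": "AnotherPass!"})
        assert r2.status_code in [400, 422]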
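The uniqueness and entropy checks named under "Token security verification" can be run over tokens collected from several reset e-mails. The following is an added example, not code from this page or from MailBrew; the function names, the 128-bit floor, the shared-prefix threshold and the sample e-mail bodies are assumptions constructed for illustration.

```python
import os
import re

TOKEN_RE = re.compile(r"token=([a-f0-9]+)")  # same pattern as the sample test above
MIN_BITS = 128         # assumed policy floor for reset-token length
MAX_SHARED_PREFIX = 7  # assumed: a longer shared prefix suggests a timestamp or counter


def extract_tokens(bodies):
    """Pull the hex token out of each reset e-mail body; fail loudly on a miss."""
    tokens = []
    for body in bodies:
        match = TOKEN_RE.search(body)
        if match is None:
            raise ValueError("no reset token found in e-mail body")
        tokens.append(match.group(1))
    return tokens


def audit_tokens(tokens, min_bits=MIN_BITS):
    """Return a sorted list of finding codes; an empty list means no finding."""
    findings = set()
    if len(set(tokens)) != len(tokens):
        findings.add("duplicate")
    # A hex character carries at most 4 bits, so length is an upper bound on entropy.
    if any(len(t) * 4 < min_bits for t in tokens):
        findings.add("too_short")
    # Independent random tokens almost never share a long leading run of characters.
    if len(tokens) > 1 and len(os.path.commonprefix(tokens)) > MAX_SHARED_PREFIX:
        findings.add("shared_prefix")
    return sorted(findings)


def _body(token):
    # Constructed e-mail body; the host name is a placeholder.
    return f"Reset your password: https://app.example.test/reset?token={token}\n"


# Constructed samples (not real tokens): three reset requests per build.
GOOD_BODIES = [_body(t) for t in ("9f2c4e7a1b3d5f60a8c2e4f6071935bd",
                                  "3a7d91c0e5b2f4861d0c7e9a2b4f6d13",
                                  "c41e8b5d7f0a2936e1b4d7c0a3f5928e")]
WEAK_BODIES = [_body(t) for t in ("65a1f3c00001", "65a1f3c00002", "65a1f3c00002")]

if __name__ == "__main__":
    print("good:", audit_tokens(extract_tokens(GOOD_BODIES)))
    print("weak:", audit_tokens(extract_tokens(WEAK_BODIES)))
```

A clean result only rules out the visible failure modes (repeats, short tokens, counter or timestamp prefixes). It does not prove the generator is cryptographically random, which still requires reviewing how the application creates the token.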
