sharp-edges

This file is an educational checklist and examples of insecure authentication/session management patterns. It does not contain runtime malicious code (no exfiltration, shells, or hidden network calls). However, the code snippets demonstrate many high-risk vulnerabilities (timing attacks, password truncation, session fixation, predictable tokens, token reuse, missing authorization, IDOR, weak MFA and recovery mechanisms). Treat these snippets as examples of what not to implement; any production code that mirrors these patterns should be remediated. Overall: not malware, but many high-severity security pitfalls.