Created Issue #2144 to discuss the new subsections (“Attack Scenarios”, “Defensive Controls”, and “SOC Detection Guidance”). Linking it here for visibility.Add authentication attack scenarios, defensive controls, and SOC detection guidance

[sujalavnelavai]

This PR enhances the Authentication Cheat Sheet by adding three new subsections that provide practical, security-focused guidance aligned with modern authentication threats and defensive best practices.

Added Sections

• Common Authentication Attack Scenarios
  Covers credential stuffing, password spraying, brute force attacks, MFA fatigue attacks, and session hijacking.

• Recommended Defensive Controls
  Includes rate limiting, MFA enforcement, passwordless authentication options, IP reputation checks, session hardening, and protections against MFA fatigue.

• SOC Monitoring & Detection Guidance
  Provides actionable detection insights for SOC analysts, including failed login pattern analysis, impossible travel detection, MFA abuse monitoring, device/browser anomaly detection, and correlation with other security alerts.

Purpose

These additions strengthen the cheat sheet by:

• Improving clarity around real-world authentication threats
• Providing actionable defensive recommendations
• Adding SOC-relevant detection guidance to support incident response
• Enhancing the overall usefulness of the document for developers and security teams

No existing content was modified or removed.

You're A Rockstar

Thank you for submitting a Pull Request (PR) to the Cheat Sheet Series.

🚩 If your PR is related to grammar/typo mistakes, please double-check the file for other mistakes in order to fix all the issues in the current cheat sheet.

Please make sure that for your contribution:

• In case of a new Cheat Sheet, you have used the Cheat Sheet template.
• All the markdown files do not raise any validation policy violation, see the policy.
• All the markdown files follow these format rules.
• All your assets are stored in the assets folder.
• All the images used are in the PNG format.
• Any references to websites have been formatted as [TEXT](URL)
• You verified/tested the effectiveness of your contribution (e.g., the defensive code proposed is really an effective remediation? Please verify it works!).
• The CI build of your PR pass, see the build status here.

If your PR is related to an issue, please finish your PR text with the following line:

This PR fixes issue #<REPLACE WITH ISSUE NUMBER>.

AI Tool Usage Disclosure (required for all PRs)

Please select one of the following options:

• I have NOT used any AI tool to generate the contents of this PR.
• I have used AI tools to generate the contents of this PR. I have verified
  the contents and I affirm the results. The LLM used is Microsoft office Copilot 2026
  and the prompt used is Assistance with structuring new subsections, wording improvements, and PR description formatting``. [Feel free to add more details if needed]

Thank you again for your contribution 😃