Today I come to you with a new idea. What if we could bring XSS payloads into third-party applications without attacking them directly? Would be a nice approach, right? Let’s call it […]
In this article, we will delve deeper into the subject of JSON Web Tokens (JWT) and look at a method of forging them. You can find the basics in my two previous […]
In my previous post “what about: JWT” we looked at what JWT actually is and how it is used. We only looked at the basics; there are countless articles out there that […]
In a world full of web services, APIs and clouds, authentication and authorisation need to be rethought. Basic methods such as Kerberos are no longer applicable, or only partially applicable, to these […]