Add a JWT section and single blog post

Isaac Evans 2020-07-27 10:31:03 -07:00 committed by GitHub
parent 13cfd1004e
commit a1a3be97e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions


@ -53,6 +53,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
- [DNS Rebinding](#dns-rebinding)
- [Deserialization](#deserialization)
- [OAuth](#oauth)
- [JWT](#jwt)
- [Evasions](#evasions)
- [XXE](#evasions-xxe)
- [CSP](#evasions-csp)
@ -349,6 +350,10 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
- [Introduction to OAuth 2.0 and OpenID Connect](https://pragmaticwebsecurity.com/courses/introduction-oauth-oidc.html) - Written by [@PhilippeDeRyck](https://twitter.com/PhilippeDeRyck).
- [What is going on with OAuth 2.0? And why you should not use it for authentication.](https://medium.com/securing/what-is-going-on-with-oauth-2-0-and-why-you-should-not-use-it-for-authentication-5f47597b2611) - Written by [@damianrusinek](https://medium.com/@damianrusinek).
<a name="jwt"></a>
### JWT
- [Hardcoded secrets, unverified tokens, and other common JWT mistakes](https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/) - Written by [@ermil0v](https://twitter.com/ermil0v)
## Evasions
<a name="evasions-xxe"></a>
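Review bot: the new entry under `### JWT` ends without a trailing period after the author link, while both OAuth entries directly above it end with one. Add the period so the list stays consistent, i.e. end the line with `Written by [@ermil0v](https://twitter.com/ermil0v).`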