Passive Test / JWT Security #70
Labels
New passive check
New passive check
Comments
|
Hi, I'd like to work on this issue. |
|
Hi @glokta1 Thank for getting involved, |
|
Is the aim of the issue to write JWT passive tests to validate token's structure, valid encryption etc? Also, is the bounty still applicable? |
|
@Hrushi20 Yes exactly your suggestions can be included in this passive check , but actually there is no bounty. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We are looking for contributors!
JWT passive test will run several tests on the JWT Token in accordance with best practices.
In other words, ensure that the token's structure is legitimate, valid encryption, etc.
For more details please check OWASP:
https://owasp.org/www-chapter-belgium/assets/2021/2021-02-18/JWT-Security.pdf
https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html
The text was updated successfully, but these errors were encountered: