5 matches found
PT-2025-11698 · Fast-Jwt · Fast-Jwt
Name of the Vulnerable Software and Affected Versions: fast-jwt versions prior to 5.0.6 Description: The fast-jwt library does not properly validate the iss claim based on the RFC 7519, allowing an array of strings as a valid iss value. This enables a potential attack where a malicious actor craf...
RS256-2-HS256 - JWT Attack To Change The Algorithm RS256 To HS256
JWT Attack to change the algorithm RS256 to HS256 Usage usage: RS2562HS256JWT.py -h payload pubkey positional arguments: payload JSON payload from JWT to attack pubkey Public key file to use for signing optional arguments: -h, --help show this help message and exit Example Download RS256-2-HS256...
Astra - Automated Security Testing For REST API's
REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...
Astra - Automated Security Testing For REST API's
REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...
REST API Penetration Testing: Astra
REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...