appsec.fyi — JSON Web Tokens (JWT)

appsec.fyi — JSON Web Tokens (JWT) https://appsec.fyi/jwt.html Curated JSON Web Tokens (JWT) resources from appsec.fyi en-us Fri, 10 Apr 2026 21:32:17 +0000 carl@chs.us (Carl Sampson) PortSwigger KB: JWT none algorithm supported https://portswigger.net/kb/issues/00200901_jwt-none-algorithm-supported https://portswigger.net/kb/issues/00200901_jwt-none-algorithm-supported PortSwigger KB: JWT none algorithm supported JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:47 +0000 Intigriti: Exploiting JWT vulnerabilities — advanced exploitation guide https://www.intigriti.com/researchers/blog/hacking-tools/exploiting-jwt-vulnerabilities https://www.intigriti.com/researchers/blog/hacking-tools/exploiting-jwt-vulnerabilities Intigriti: Exploiting JWT vulnerabilities — advanced exploitation guide JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:46 +0000 Vaadata: JWT vulnerabilities, common attacks and security best practices https://www.vaadata.com/blog/jwt-json-web-token-vulnerabilities-common-attacks-and-security-best-practices/ https://www.vaadata.com/blog/jwt-json-web-token-vulnerabilities-common-attacks-and-security-best-practices/ Vaadata: JWT vulnerabilities, common attacks and security best practices JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:45 +0000 WorkOS: JWT algorithm confusion attacks explained https://workos.com/blog/jwt-algorithm-confusion-attacks https://workos.com/blog/jwt-algorithm-confusion-attacks WorkOS: JWT algorithm confusion attacks explained JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:45 +0000 PentesterLab: Another JWT Algorithm Confusion Vulnerability (CVE-2024-54150) https://pentesterlab.com/blog/another-jwt-algorithm-confusion-cve-2024-54150 https://pentesterlab.com/blog/another-jwt-algorithm-confusion-cve-2024-54150 PentesterLab: Another JWT Algorithm Confusion Vulnerability (CVE-2024-54150) JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:44 +0000 Curity: JWT Security Best Practices https://curity.io/resources/learn/jwt-best-practices/ https://curity.io/resources/learn/jwt-best-practices/ Curity: JWT Security Best Practices JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:43 +0000 RFC 8725: JSON Web Token Best Current Practices https://www.ietf.org/archive/id/draft-sheffer-oauth-rfc8725bis-01.html https://www.ietf.org/archive/id/draft-sheffer-oauth-rfc8725bis-01.html RFC 8725: JSON Web Token Best Current Practices JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:42 +0000 Auth0: Critical vulnerabilities in JSON Web Token libraries https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/ https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/ Auth0: Critical vulnerabilities in JSON Web Token libraries JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:42 +0000 OWASP WSTG: Testing JSON Web Tokens https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/10-Testing_JSON_Web_Tokens https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/10-Testing_JSON_Web_Tokens OWASP WSTG: Testing JSON Web Tokens JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:41 +0000 OWASP JSON Web Token for Java Cheat Sheet https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html OWASP JSON Web Token for Java Cheat Sheet JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:40 +0000 KathanP19/HowToHunt: JWT https://github.com/KathanP19/HowToHunt/blob/master/JWT/JWT.md https://github.com/KathanP19/HowToHunt/blob/master/JWT/JWT.md KathanP19/HowToHunt: JWT JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:39 +0000 tuhin1729 Bug Bounty Methodology: JWT https://github.com/tuhin1729/Bug-Bounty-Methodology/blob/main/JWT.md https://github.com/tuhin1729/Bug-Bounty-Methodology/blob/main/JWT.md tuhin1729 Bug Bounty Methodology: JWT JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:39 +0000 HackTricks: JWT vulnerabilities https://book.hacktricks.xyz/pentesting-web/hacking-jwt-json-web-tokens https://book.hacktricks.xyz/pentesting-web/hacking-jwt-json-web-tokens HackTricks: JWT vulnerabilities JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:38 +0000 PayloadsAllTheThings: JSON Web Token https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/JSON%20Web%20Token/README.md https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/JSON%20Web%20Token/README.md PayloadsAllTheThings: JSON Web Token JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:37 +0000 DontPanicO/jwtXploiter: A tool to test the security of JSON Web Tokens https://github.com/DontPanicO/jwtXploiter https://github.com/DontPanicO/jwtXploiter DontPanicO/jwtXploiter: A tool to test the security of JSON Web Tokens JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:36 +0000 brendan-rius/c-jwt-cracker: JWT brute-force cracker in C https://github.com/brendan-rius/c-jwt-cracker https://github.com/brendan-rius/c-jwt-cracker brendan-rius/c-jwt-cracker: JWT brute-force cracker in C JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:35 +0000 mazen160/jwt-pwn: Security testing scripts for JWT https://github.com/mazen160/jwt-pwn https://github.com/mazen160/jwt-pwn mazen160/jwt-pwn: Security testing scripts for JWT JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:34 +0000 jwt_tool Attack Methodology wiki https://github.com/ticarpi/jwt_tool/wiki/Attack-Methodology https://github.com/ticarpi/jwt_tool/wiki/Attack-Methodology jwt_tool Attack Methodology wiki JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:34 +0000 ticarpi/jwt_tool: A toolkit for testing, tweaking and cracking JSON Web Tokens https://github.com/ticarpi/jwt_tool https://github.com/ticarpi/jwt_tool ticarpi/jwt_tool: A toolkit for testing, tweaking and cracking JSON Web Tokens JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:33 +0000 Working with JWTs in Burp Suite https://portswigger.net/burp/documentation/desktop/testing-workflow/vulnerabilities/session-management/jwts https://portswigger.net/burp/documentation/desktop/testing-workflow/vulnerabilities/session-management/jwts Working with JWTs in Burp Suite JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:32 +0000 JSON Web Token Attacker Burp extension https://portswigger.net/bappstore/82d6c60490b540369d6d5d01822bdf61 https://portswigger.net/bappstore/82d6c60490b540369d6d5d01822bdf61 JSON Web Token Attacker Burp extension JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:32 +0000 JWT Scanner Burp extension https://portswigger.net/bappstore/be6af6a556df4423846b25080dbde88c https://portswigger.net/bappstore/be6af6a556df4423846b25080dbde88c JWT Scanner Burp extension JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:31 +0000 PortSwigger jwt-editor: Burp Suite extension for editing and signing JWTs https://github.com/PortSwigger/jwt-editor https://github.com/PortSwigger/jwt-editor PortSwigger jwt-editor: Burp Suite extension for editing and signing JWTs JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:30 +0000 Algorithm confusion attacks | Web Security Academy https://portswigger.net/web-security/jwt/algorithm-confusion https://portswigger.net/web-security/jwt/algorithm-confusion Algorithm confusion attacks | Web Security Academy JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:29 +0000 JWT attacks | Web Security Academy https://portswigger.net/web-security/jwt https://portswigger.net/web-security/jwt JWT attacks | Web Security Academy JSON Web Tokens (JWT) Fri, 10 Apr 2026 21:21:28 +0000