Writeups
Notes from breaking & fixing
Vulnerability research, exploit walkthroughs, retired-box reports, and AppSec patterns I learn the hard way so you don't have to.
- AppSec (medium)
Building jwt-scan: A CLI That Hunts the Five JWT Bugs From My Lab
Turning a vulnerability lab into a shippable scanner. From research artifact to npm package, with token-only and live-endpoint modes, in one weekend.
- jwt
- cli
- tooling
- appsec
- node
- typescript
- AppSec (easy)
JWT alg=none Bypass: When the Token Trusts Itself
How a one-line algorithm header turns authentication into security theater, and why allowlisting is the only fix.
- jwt
- auth
- owasp
- appsec
Categories:
AppSec
Tags:
#appsec #auth #cli #jwt #node #owasp #tooling #typescript