JWT Misconfiguration - hpAndro Vulnerable Application Challenge
🚩 CTF Link : http://ctf.hpandro.raviramesh.info
♚ All application on Playstore: https://play.google.com/store/apps/de...
♛ Consolidate challenges app: https://play.google.com/store/apps/de...
🔊 YouTube Channel: / androidappsec
🟦 Facebook Page: / hpandro1337
🔷Twitter handle : / hpandro1337
#JWT #Misconfiguration
----------------------------------
#JSON Web #Token is used to carry information related to the identity and characteristics (claims) of a client. This information is signed by the server in order for it to detect whether it was tampered with after sending it to the client. This will prevent an attacker from changing the identity or any characteristics (for example, changing the role from simple user to admin or change the client login).
This token is created during authentication (is provided in case of successful authentication) and is verified by the server before any processing. It is used by an application to allow a client to present a token representing the user's "identity card" to the server and allow the server to verify the validity and integrity of the token in a secure way, all of this in a stateless and portable approach (portable in the way that client and server technologies can be different including also the transport channel even if HTTP is the most often used).
More Info : https://cheatsheetseries.owasp.org/ch...
Смотрите видео JWT Misconfiguration - hpAndro Vulnerable Application Challenge онлайн без регистрации, длительностью часов минут секунд в хорошем качестве. Это видео добавил пользователь Android AppSec 02 Июль 2021, не забудьте поделиться им ссылкой с друзьями и знакомыми, на нашем сайте его посмотрели 27 раз и оно понравилось людям.