Open DeliciousBounty opened 1 year ago
Hi, I'd like to work on this issue.
Hi @glokta1 Thanks for getting involved. Check the contribute.md. If you need help or have any questions, feel free to ask :) This is my mail: nathan.s@blstsecurity.com
Is the aim of the issue to write JWT passive tests to validate the token's structure, valid encryption, etc.? Also, is the bounty still applicable?
@Hrushi20 Yes, exactly, your suggestions can be included in this passive check, but actually there is no bounty.
We are looking for contributors!
The JWT passive test will run several tests on the JWT token in accordance with best practices. In other words, it ensures that the token's structure is legitimate, that it uses valid encryption, etc. For more details, please check OWASP:
https://owasp.org/www-chapter-belgium/assets/2021/2021-02-18/JWT-Security.pdf
https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html