JWT security test cases

 


Comments

Post a Comment

Popular posts from this blog

Image
Securing AI: Safeguarding the Future of Intelligent Systems Featured Image: Unsplash Artificial Intelligence (AI) is revolutionizing industries, from healthcare to finance, by enabling automation, personalization, and data-driven decision-making. However, as AI systems grow more pervasive, their security vulnerabilities are becoming a critical concern. 📊 Quick Stat : By 2025, 30% of enterprises will prioritize AI-specific security tools to combat adversarial attacks ( Gartner ). Why AI Security Matters Source: Getty Images AI systems are not just code; they’re dynamic entities trained on vast datasets. Their security is critical because: High Stakes : AI powers autonomous vehicles, medical diagnostics, and critical inf...
Read more

Hands-on with n8n Expression Injection - CVE 2025-68613

Image
Hands-on with n8n Expression Injection – Sandbox Escape Case Study In this lab, I analyzed a critical expression injection flaw in n8n that allows authenticated workflow expressions to escape sandbox isolation and access the underlying Node.js runtime, resulting in potential Remote Code Execution (RCE) . Understanding the Execution Model n8n allows users to embed expressions inside workflow nodes (Set, IF, HTTP Request, etc.) to compute dynamic values at runtime. These expressions are evaluated server-side by a Node.js-based engine. When sandboxing assumptions fail, the execution flow becomes: Authenticated user → Workflow expression → Expression evaluation engine → Node.js runtime objects (process, require) → Sandbox escape → Potential RCE --- Architecture Overview High-Level Architecture User Browser n8n Web UI Expression Engine Node.js Runtime Understanding Payload St...
Read more

Simulating SYN Flooding Attack(DOS)

Image
  Basic 3 way TCP Handshake: State during Sync flooding attack   Example of DDOS attack with hping3  and kali linux: Note:  In this case both attacker’s system and victim server are in same network . Step#1: Victim server: 192.168.1.100 Step#2: Attacker’s system: 192.168.1.102 Step#3: Install hping3 in kali using below command # sudo apt-get install hping3 Step#4: Now, attacker will use hping3 or another tool to spoof IP random addresses, The using below command start and direct the SYN flood attack to our target (192.168.1.100): # hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.1.100 Now SYN flooding attack has started. Let’s explain in detail the above command: -c 150000 : Indicates that we are sending 15000 packets -d 120 : Indicates each packet is of 120 bytes -S : Specifying SYN flag should be enabled. -w 64: Indicates TCP window size of 64 -p 80: Specifying port to attack victims webserver at port 80 --rand-source: Used to generate...
Read more