Web Auth
Credential stuffing and password spraying
https://redtm.com/web-pentest/pentesting-web-auth/
https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/
https://book.hacktricks.xyz/pentesting-web/hacking-jwt-json-web-tokens
https://book.hacktricks.xyz/pentesting-web/login-bypass
https://portswigger.net/web-security/jwt
Last updated