JWT Attack Lab — Part 3: Protecting a Route, Then Bypassing It With alg: none
Part 3 of a series building a Flask API with JWT authentication, then deliberately exploiting six real vulnerabilities in it.
Part 2 covered what a JWT actually is and how one gets issued. This part p
quietbytes.hashnode.dev4 min read