Tag
algorithm-confusion
Safeguard articles tagged "algorithm-confusion" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Application Security
Secure JWT handling: algorithm confusion, expiry, and storage done right
A single unchecked `alg` header turned jsonwebtoken into a forgeable token in CVE-2015-9235 — here's how to close every hole RFC 8725 warns about.
Jul 8, 20266 min read
Vulnerability Guides
JWT Security Vulnerabilities and How to Avoid Them
JSON Web Tokens are only as safe as how you verify them. The alg:none trick, RS256-to-HS256 confusion, and weak secrets have all led to full auth bypass.
Jul 3, 20265 min read