Advena – WindowsTechs.com

JWTs as refresh tokens, beside the JWT access token?

Posted on June 4, 2024 by Advena

While reading up on refresh tokens, I’ve come by some interesting comments in this answer:

Refresh tokens can be in the form of a JWT as well

After going through all the responses and doing some online research, I was unable to find any … Continue reading JWTs as refresh tokens, beside the JWT access token?→

CSRF: Signed Double Submit Cookie & ‘Referer’ validation vs MITM and vulnerable subdomains

Posted on May 9, 2023 by Advena

I have been researching various techniques for preventing CSRF attacks, such as SOP, SameSite, Secure, Referer validation, and CSRF Tokens, and their potential bypasses. During my research, I discovered the following vulnerabilities:

A we… Continue reading CSRF: Signed Double Submit Cookie & ‘Referer’ validation vs MITM and vulnerable subdomains→

Can strict ‘Referer’ validation also be bypassed with vulnerable subdomains?

Posted on May 8, 2023 by Advena

I have been researching various common techniques for preventing CSRF attacks, such as SameSite, Secure, and CSRF Tokens, and how they can be bypassed. I found that the following vulnerabilities exist:

A website’s subdomain or sibling dom… Continue reading Can strict ‘Referer’ validation also be bypassed with vulnerable subdomains?→