Stud Sterkel – WindowsTechs.com

Security risks to returning JWT token in the response body to a GET request?

Posted on November 16, 2021 by Stud Sterkel

Are there any security risks to returning a user’s JWT in the response body to a GET request? The JWT is only returned for authenticated users. Authentication is managed via a JWT stored as a HttpOnly, Secure, SameSite:Lax cookie.
Flow, in… Continue reading Security risks to returning JWT token in the response body to a GET request?→

Posted on January 23, 2020 by Stud Sterkel

I was reading this The New York Times (NYT) article about the hack of Jeff Bezos’s phone. The article states:

The May 2018 message that contained the innocuous-seeming video file, with a tiny 14-byte chunk of malicious code, came out o… Continue reading Can malicious code fit in 14 bytes?→