In this test we check whether the JWT used for authentication on your web application exposes any sensitive information stored in it, and whether it can be tampered with or modified.

We test the web application's JWT signature verification by submitting a request carrying a token whose payload has been modified, to see whether the application accepts it without a valid signature.

We also test whether the signature algorithm declared in the JWT header can be changed (for example to "none"), and whether a weak signing secret is in use that could be recovered by brute force.
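As an added illustration (not part of the original test description), the following Python verifier shows the server-side checks that close the first and last of these gaps: the expected algorithm is pinned rather than read from the header, the HMAC is checked in constant time so a modified payload is rejected, and expiry is enforced. The secret and claims are constructed demo values.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret; a real deployment loads a long random secret from a secret store.
DEMO_SECRET = b"constructed-demo-secret-do-not-reuse"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Mint an HS256 token over the given claims (demo issuer)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def verify_hs256(token: str, secret: bytes, now=None):
    """Return the claims if the token is valid, otherwise None."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
        payload = json.loads(_b64url_decode(body_b64))
    except ValueError:  # covers malformed base64, bad JSON and wrong segment count
        return None
    # Pin the algorithm server-side: the header's "alg" is attacker-controlled,
    # so "none" and any other algorithm are rejected outright.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    # Constant-time comparison; any change to the payload invalidates the MAC.
    if not hmac.compare_digest(expected, signature):
        return None
    # Require and enforce "exp" so a captured token has a bounded lifetime.
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or (time.time() if now is None else now) >= exp:
        return None
    return payload
```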

We will test your web application for the following JWT vulnerabilities:

None Hashing Algorithm.
Token Sidejacking.
JWT Revocation.
JWT Information Disclosure.
JWT Storage on Client Side.
Weak Token Secret.

The report will detail all the tests conducted and the analysis of every JWT vulnerability detected.

Based on the findings of these tests, the report will provide recommendations on how to fix the JWT vulnerabilities.