GraphQLWeb SecurityPentestBasic Pentesting of a GraphQL Setup19 July 2024·632 words·3 minsOne open Introspection Query let me list the entire GraphQL schema. A real pentest case of a common but costly setup mistake.
CookieWeb SecurityOWASPSecure, HttpOnly, SameSite: The Three Guardians of Your Cookie23 May 2024·479 words·3 minsOne badly set cookie is enough for an attacker to pretend to be you. Meet the three lines of defense (Secure, HttpOnly, SameSite) and how to turn them on.
JWTWeb SecurityAuthenticationHow JWT Works11 April 2024·570 words·3 minsHow does one string split by dots hold up the login for modern websites? Breaking down the three parts of a JWT, and the traps to avoid.