[[JWT attacks]]: JWTs (JSON Web Tokens)

Input Validation Mechanisms

  • Blacklisting
  • Whitelisting

Cross-Site Scripting

SQL Injection

XML External Entity Attack

Cross-Site Request Forgery

Encoding, Encryption and Hashing

  • Brute-Force Attacks
  • Password Storage and Password Policy

Understanding of OWASP Top 10 Vulnerabilities

Security Best Practices and Hardening Mechanisms

  • Same Origin Policy
  • Security Headers

TLS Security

  • TLS Certificate Misconfiguration
  • Symmetric and Asymmetric Ciphers

Server-Side Request Forgery

  • Insecure Direct Object Reference (IDOR)
  • Privilege Escalation
  • Parameter Manipulation Attacks
  • Securing Cookies

Insecure File Uploads

Code Injection Vulnerabilities

Business Logic Flaws

Directory Traversal Vulnerabilities

Security Misconfigurations

Information Disclosure

Vulnerable and Outdated Components

Common Supply Chain Attacks and Prevention Methods