owasp-zap-jwt-addon
OWASP ZAP addon for finding vulnerabilities in JWT Implementations
**Describe the bug** As the options panel for the JWT addon is complex, we should add the help index for the addon so that users can see the help index...
**Is your feature request related to a problem? Please describe.** As the addon was made a year ago, there might be many new vulnerabilities related to JWT that have been introduced....
**Is your feature request related to a problem? Please describe.** Currently, we only handle JWTs signed using HMAC or RSA, but we have not handled JWTs signed by Elliptic...
**Is your feature request related to a problem? Please describe.** It would be great if the JWT add-on could check for JWT issues related to [CVE-2022-21449](https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/). **Describe the solution you'd...
This addon should contain the ability to encode/decode JWT tokens found in the request, so that JWT tokens can be tested on fly
**Is your feature request related to a problem? Please describe.** The scan rules present at https://github.com/SasanLabs/owasp-zap-jwt-addon/tree/master/src/main/java/org/zaproxy/zap/extension/jwt/attacks do not have the header param injections mentioned at https://portswigger.net/web-security/jwt. There are a few other attacks...
I'm new to ZAP and I'm having a problem understanding this plug-in. Therefore, it would be nice if I knew the getting started tutorial instead of trying to understand the...
**Is your feature request related to a problem? Please describe.** We are currently only handling JWS, but we have not handled JWE, so under this enhancement we are looking to...
**Is your feature request related to a problem? Please describe.** As JWTs should not be very long-lived because of revocation issues, an alert of low priority can be...
**Is your feature request related to a problem? Please describe.** As scanners cannot add all the types of payloads into their execution, but in case the user wants custom payloads/additional...