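% References on mobile authorization and JSON Web Tokens (JWT).
% Citation keys are unchanged, so existing \cite commands keep working.
%
% NOTE(review): several entries below carry only a URL (no title, author or
% year), so they print as a bare link. Add a title and an access date before
% publication; web pages change, and a reader needs to know which revision
% of the page was consulted.

@misc{OWASP:1,
  author       = {{The OWASP\textregistered{} Foundation}},
  title        = {{M6}: Insecure Authorization},
  howpublished = {\url{https://owasp.org/www-project-mobile-top-10/2016-risks/m6-insecure-authorization}},
  year         = 2016,
}

@misc{OWASP:2,
  author       = {{The OWASP\textregistered{} Foundation}},
  title        = {Top 10 Mobile Risks - Final List 2016},
  howpublished = {\url{https://owasp.org/www-project-mobile-top-10/2016-risks/}},
  year         = 2016,
}

@misc{AUTH0:1,
  title        = {What is Authorization?},
  howpublished = {\url{https://auth0.com/intro-to-iam/what-is-authorization/}},
}

@misc{JWT:1,
  author       = {Jones, M. and Bradley, J. and Sakimura, N.},
  title        = {{JSON} {Web} {Token} ({JWT})},
  howpublished = {\url{https://www.rfc-editor.org/rfc/rfc7519}},
  month        = may,
  year         = 2015,
}

@misc{HMACSHA:1,
  title        = {{HMAC}},
  howpublished = {\url{https://en.wikipedia.org/wiki/HMAC}},
}

@misc{JWT:2,
  howpublished = {\url{https://jwt.io/}},
}

@misc{DJ-REST-AUTH:1,
  howpublished = {\url{https://dj-rest-auth.readthedocs.io/en/latest/installation.html#json-web-token-jwt-support-optional}},
}

@misc{PYJWT:1,
  howpublished = {\url{https://pyjwt.readthedocs.io/en/latest/}},
}

@misc{JWT-ATTACK:1,
  howpublished = {\url{https://portswigger.net/web-security/jwt}},
}

@misc{JWK:1,
  author       = {Jones, M.},
  title        = {{JSON} {Web} {Key} ({JWK})},
  howpublished = {\url{https://www.rfc-editor.org/rfc/rfc7517}},
  month        = may,
  year         = 2015,
}

@misc{XHR:1,
  howpublished = {\url{https://developer.mozilla.org/en-US/docs/Glossary/XHR_(XMLHttpRequest)}},
}

@misc{WIRESHARK:1,
  howpublished = {\url{https://www.wireshark.org/}},
}

@misc{REDDIT:1,
  howpublished = {\url{https://www.reddit.com/dev/api#GET_api_v1_me}},
}

% Public list of known JWT signing secrets. A signing key that appears in a
% list like this must be treated as compromised and rotated.
% NOTE(review): the link follows the moving master branch; record the access
% date (or cite a fixed revision) so the cited content is reproducible.
@misc{JWT_SECRET_LIST:1,
  howpublished = {\url{https://raw.githubusercontent.com/wallarm/jwt-secrets/master/jwt.secrets.list}},
}

@misc{HASHCAT,
  howpublished = {\url{https://hashcat.net/hashcat/}},
}

@misc{IONIC,
  howpublished = {\url{https://ionicframework.com/}},
}

@misc{ANDROIDSTUDIO,
  howpublished = {\url{https://developer.android.com/studio/}},
}

@misc{APKVSAAB:1,
  author       = {Sha, Arjun},
  title        = {{APK} vs {AAB}},
  howpublished = {\url{https://beebom.com/apk-vs-aab/}},
  year         = 2021,
}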