1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
@MISC{OWASP:1,
HOWPUBLISHED="\url{https://owasp.org/www-project-mobile-top-10/2016-risks/m6-insecure-authorization}",
AUTHOR="The OWASP® Foundation",
TITLE="M6: Insecure Authorization",
YEAR=2016
}
@MISC{OWASP:2,
HOWPUBLISHED="\url{https://owasp.org/www-project-mobile-top-10/2016-risks/}",
AUTHOR="The OWASP® Foundation",
TITLE="Top 10 Mobile Risks - Final List 2016",
YEAR=2016
}
@MISC{AUTH0:1,
HOWPUBLISHED="\url{https://auth0.com/intro-to-iam/what-is-authorization/}",
TITLE="What is Authorization?"
}
@MISC{JWT:1,
HOWPUBLISHED="\url{https://www.rfc-editor.org/rfc/rfc7519}",
AUTHOR="M. Jones, J. Bradley, N. Sakimura",
TITLE="JSON Web Token (JWT)",
MONTH="May",
YEAR=2015,
}
@MISC{BEARER,
HOWPUBLISHED="\url{https://www.rfc-editor.org/rfc/rfc6750}",
AUTHOR="M. Jones, D. hardt",
TITLE="The OAuth 2.0 Authorization Framework: Bearer Token Usage",
MONTH="Oct",
YEAR=2012,
}
@MISC{HMACSHA:1,
HOWPUBLISHED="\url{https://en.wikipedia.org/wiki/HMAC}",
TITLE="HMAC"
}
@MISC{JWT:2,
HOWPUBLISHED="\url{https://jwt.io/}",
}
@MISC{DJ-REST-AUTH:1,
HOWPUBLISHED="\url{https://dj-rest-auth.readthedocs.io/en/latest/installation.html#json-web-token-jwt-support-optional}",
}
@MISC{PYJWT:1,
HOWPUBLISHED="\url{https://pyjwt.readthedocs.io/en/latest/}",
}
@MISC{JWT-ATTACK:1,
HOWPUBLISHED="\url{https://portswigger.net/web-security/jwt}",
}
@MISC{JWK:1,
HOWPUBLISHED="\url{https://www.rfc-editor.org/rfc/rfc7517}",
AUTHOR="M. Jones",
TITLE="JSON Web Key (JWK)",
MONTH="May",
YEAR=2015,
}
@MISC{JTI,
HOWPUBLISHED="\url{https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7}",
AUTHOR="M. Jones",
TITLE="jti (JWT ID) Claim",
MONTH="May",
YEAR=2015,
}
@MISC(XHR:1,
HOWPUBLISHED="\url{https://developer.mozilla.org/en-US/docs/Glossary/XHR_(XMLHttpRequest)}"
}
@MISC{WIRESHARK:1,
HOWPUBLISHED="\url{https://www.wireshark.org/}"
}
@MISC{GITHUB:1,
HOWPUBLISHED="\url{https://docs.github.com/en/rest/users/users?apiVersion=2022-11-28#get-a-user}"
}
@MISC{JWT_SECRET_LIST:1,
HOWPUBLISHED="\url{https://raw.githubusercontent.com/wallarm/jwt-secrets/master/jwt.secrets.list}"
}
@MISC{HASHCAT,
HOWPUBLISHED="\url{https://hashcat.net/hashcat/}"
}
@MISC{APKVSAAB:1,
HOWPUBLISHED="\url{https://beebom.com/apk-vs-aab/}"
AUTHOR="Arjun Sha",
TITLE="APK vs AAB",
YEAR=2021,
}
@MISC{OKTA:1,
HOWPUBLISHED="\url{https://www.okta.com/identity-101/what-is-token-based-authentication/}"
}
@MISC{OKTA:2,
HOWPUBLISHED="\url{https://www.okta.com/identity-101/authentication-vs-authorization}"
}
|