JWT Scan Rule

Docs > Alerts

Details
Alert ID	40036
Alert Type	Active
Status	alpha
Risk	Medium
CWE
WASC
Technologies Targeted	All
Tags

Summary

Scanner for finding vulnerabilities in JWT implementations.

Solution

See reference for further information. The solution depends on implementation details

Other Info

References

https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_Cheat_Sheet_for_Java.html

Code

org/zaproxy/zap/extension/jwt/JWTActiveScanRule.java