Showing posts with the label Web Security

Secure JWT Authentication: Refresh Token Rotation and HttpOnly Cookies

Storing JSON Web Tokens (JWT) in localStorage is a common architectural mistake: localStorage is readable by any script running on the page, so a single Cross-Site Scripting (XSS) flaw hands the token to the attacker. Once a malicious script runs in your brows…

Implementing Refresh Token Rotation and HttpOnly Cookies for JWT

Storing authentication tokens in localStorage exposes your application to Cross-Site Scripting (XSS) attacks, allowing any malicious script to steal the user's session. Persisten…

OAuth 2.0 Security: Why PKCE is Mandatory and How to Implement It

If you are building a mobile app or a Single Page Application (SPA) on the plain OAuth 2.0 authorization code flow, without PKCE, you are likely vulnerable to an Authorization Code Interception Attack. A malicious app installed on a …

In-Depth Analysis of OAuth 2.0 and OIDC Architecture, and a JWT Security Strategy

Badly implemented authentication logic is every bit as dangerous as an Access-Control-Allow-Origin: * setting. This is especially true in SPA (Single Page Application) and mobile app environments that still use the legacy Implicit Grant Flow, or that store the Access Token in plaintext in LocalStorage and so expose it to XSS (Cross…