Breaking JSON Web Tokens

JSON Web Tokens (JWT) are commonly used to implement authentication and authorization on websites and APIs. While there are numerous arguments for why you really should not use JWT in your applications, it is very common to see them all around the internet as API and session tokens.


RangeForce Closes $1.5M to Power IT & Security Pros with Measurable Defense Skills

We’re thrilled to announce that we have closed $1.5 million in seed funding led by Paladin Capital Group with participation from Trind Ventures. Gibb Witham from Paladin Capital Group will join our board of directors.


NoSQLMap

Today we are going to take a look at NoSQLMap - a tool that is designed to find and exploit various NoSQL vulnerabilities. NoSQLMap is largely oriented towards testing MongoDB and CouchDB, but support for other NoSQL databases such as Redis and Cassandra is planned for future releases.


NoSQL Injection

The NoSQL injection vulnerability can be used by a malicious actor to access and modify sensitive data, including usernames, email addresses, password hashes and login tokens. Chained with other vulnerabilities, it can lead to a full site takeover.
