creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 13:44:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
e8105a2f4dc0fee96c21129addd776a3f5a76948
Anthropic-Cybersecurity-Skills/skills/testing-mobile-api-authentication/references/workflows.md
T

1.5 KiB
Raw Blame History

Workflows: Mobile API Authentication Testing

Workflow 1: Authentication Assessment

[Intercept traffic] --> [Map auth endpoints] --> [Analyze token format]
                                                        |
                                          +-------------+-------------+
                                          |             |             |
                                    [JWT analysis] [OAuth flow]  [Session mgmt]
                                    [None alg]     [PKCE check]  [Expiration]
                                    [Key brute]    [Redirect URI] [Logout invalidation]
                                          |             |             |
                                          +-------------+-------------+
                                                        |
                                                 [IDOR testing]
                                                 [Privilege escalation]
                                                 [Report findings]

Decision Matrix: Token Vulnerability Testing

Token Type Primary Tests Tools
JWT (HS256) Key brute force, none algorithm, claim manipulation jwt_tool, hashcat
JWT (RS256) Algorithm confusion, public key retrieval, key ID manipulation jwt_tool
Opaque Entropy analysis, predictability, server-side invalidation Burp Sequencer
OAuth Bearer Scope escalation, redirect URI manipulation, PKCE enforcement Burp, Postman
Reference in New Issue View Git Blame Copy Permalink