How this template works
The template uses API selection filters to choose which API requests the test is run against. Here it selects requests whose response code is greater than or equal to 200 and less than 300, and whose request headers contain a specific value related to JWT.
The execute section defines the type of request to be executed, which here is a single request. The request is specified under the "requests" field, which can hold multiple requests if needed. The template also includes a replace_auth_header field, which replaces the authentication header with a specific token value from the auth_context.
The validation section checks the response to the executed request. It checks that the response code is within the range of 200 to 300, indicating a successful response. If the response code meets the validation criteria, the template considers the request valid.
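A server that pins its accepted algorithm and always checks the signature does not return a successful response to a token with the "none" algorithm, so the validation step above does not match. The sketch below is an added example, not part of the template or of the tool's own code; the function names, the secret and the sample claims are constructed for illustration, and HS256 is an assumed choice of algorithm.

```python
import base64
import hashlib
import hmac
import json

ALLOWED_ALGS = {"HS256"}  # pinned server-side; never taken from the token


def _b64url_decode(part: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_token(header: dict, claims: dict, secret: bytes = b"") -> str:
    """Build a constructed sample token; only HS256 headers get a signature."""
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = b""
    if header.get("alg") == "HS256":
        sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify(token: str, secret: bytes) -> dict:
    """Return the claims, or raise ValueError if the token must be rejected."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # Rejects "none", "None", "NONE" and anything else outside the allowlist.
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise ValueError("algorithm not allowed")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    # Constant-time comparison; an empty signature is never acceptable.
    if not signature or not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))
```

The point of the allowlist is that the verifier decides the algorithm; the token's own header is only checked against that decision.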
Frequently asked questions
What is the purpose of the "JWT None Algorithm" vulnerability test?
How does the test determine if the server is vulnerable to the "JWT None Algorithm" attack?
What are the potential impacts of the "JWT None Algorithm" vulnerability?
What category and subcategory does the "JWT None Algorithm" vulnerability fall under?
Are there any references available for further information on the "JWT None Algorithm" vulnerability?
What are the authentication requirements for this vulnerability test?