Detection Engineering
JWT Misconfiguration: Detection and Defense
JWT misconfiguration detection and defense — alg:none, RS256-to-HS256 confusion, and kid injection, with header-logging detection, Sigma rules, and MITRE mapping.
#api-security
2 articles
Defensive Research
Broken Access Control Testing for Defenders
Broken access control testing for defenders — detect IDOR and BOLA from authorization-failure telemetry with Sigma and SPL rules, plus deny-by-default hardening.