Testing Message Brokers vs REST API in a Microservices System (with C# Examples)
In the world of microservices, two communication patterns dominate: synchronous REST APIs and asynchronous message brokers. While both serve different […]
3 July 2025
Exploiting SSRF in Cloud-Only Environments: A Deep Dive
Today, the majority of businesses utilise cloud platforms such as AWS, Azure, and Google Cloud to host their applications and websites. They provide teams with an easy way
Load Testing API Gateways with JWT + OAuth2
The article analyzes the performance and security implications of JWT authentication in a high-throughput API setup using Kong and Keycloak. It highlights issues like acceptance of expired tokens due to misconfigured plugins, emphasizing the need for introspection in ensuring token validity. The findings underscore the necessity of thorough testing under load to avoid security vulnerabilities.
Abusing JWTs: Signature Bypass, None Algorithm & Key Confusion
Introduction JSON Web Tokens (JWTs) are a small, URL-safe method for two parties to exchange claims. JWTs are frequently used