I am working on a security analysis of JWT Python libraries. I want to analyze how the libraries work and how they were used in development, not the source code. I also have to check the JWT libraries against known attacks like:
None algorithm
RS256 to HS256 key confusion attack
Weak symmetric keys
Incorrect composition of encryption and signature
Insecure use of elliptic curve attacks
Same recipient / cross JWT confusion
How do I check a set of Python libraries against such attacks?
Also I have the following questions:
What do you expect to see in a security analysis of JWT Python libraries?
How does one perform such an analysis?
I tried to search for existing code that uses these libraries in order to analyze it, with no luck. I also installed Burp Suite and jwt_tool, but I still can't figure out the approach for such an analysis.
I searched for similar analyses in the security field, but I can't find anything close to what I am working on.
I have been searching without luck for similar work, to be able to understand what I am expected to do and how to do it. I have a good background in network security, but I don't have any background in web application security.
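As an added example (not from the question or from any of the libraries it mentions), a small harness showing the kind of check the question asks for: it builds tokens shaped like the first three attacks on the list (alg none, RS256-to-HS256 key confusion, weak symmetric key) and confirms that the verifier under test rejects each. verify_hs256 is a constructed stdlib reference that only implements HS256, public_key is a stand-in byte string rather than a real RSA key, and to test a real library you would wrap its decode call in the same verify(token, key, algorithms) shape.

```python
import base64, hashlib, hmac, json
from typing import Callable, Optional

MIN_HS256_KEY_BYTES = 32  # RFC 7518 s3.2: HMAC key at least as long as the hash output

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_token(header: dict, payload: dict, key: Optional[bytes]) -> str:
    """Build a compact JWS; key=None yields an unsigned token with an empty signature."""
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode()) + "." +
                     b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = b"" if key is None else hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_hs256(token: str, key: bytes, algorithms=("HS256",)) -> Optional[dict]:
    """Constructed reference verifier: the caller pins the algorithm; the header never chooses it."""
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        sig = b64url_decode(s)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None
    if header.get("alg") != "HS256" or "HS256" not in algorithms:
        return None  # covers alg=none and any algorithm the caller did not allow
    if len(key) < MIN_HS256_KEY_BYTES:  # weak symmetric key
        return None
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    return json.loads(b64url_decode(p))

def run_checks(verify: Callable[..., Optional[dict]], public_key: bytes) -> dict:
    """Feed attack-shaped tokens to verify(token, key, algorithms); True means rejected."""
    claims = {"sub": "alice", "admin": True}
    none_token = make_token({"alg": "none", "typ": "JWT"}, claims, None)
    # Key confusion: HMAC keyed with the (public) key bytes, labelled HS256, shown to an RS256 verifier
    confusion_token = make_token({"alg": "HS256", "typ": "JWT"}, claims, public_key)
    short_key_token = make_token({"alg": "HS256", "typ": "JWT"}, claims, b"secret")
    return {
        "rejects_alg_none": verify(none_token, public_key, ["RS256"]) is None,
        "rejects_rs256_to_hs256": verify(confusion_token, public_key, ["RS256"]) is None,
        "rejects_weak_symmetric_key": verify(short_key_token, b"secret", ["HS256"]) is None,
    }
```

Any False in the returned dict marks a verifier (or a calling pattern) that accepts one of the listed attack shapes.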