An example of a vulnerability in the early JWT token node.js library: https://github.com/gluckzhang/ctf-jwt-token

Basic Introduction to JWT Token

According to standard RFC 7519, JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.

- Read the full article -

Introduction

If you are into Docker and Kubernetes, and have some IaaS resource at hand. Probably you could try to build a nice Kubernetes cluster by yourself instead of deploying the work to some cloud platform. In this way you learn more about the design of Kubernetes and also have the total control of your cluster on host machine level.

Some Good Reading Materials

• Kubernetes Documentation
• Kubernetes中文指南/云原生应用架构实践手册

- Read the full article -

Background

This post introduces 2 basic solutions about docker monitoring. And what's more, we want to dig into metrics exporting methods. In order to do some data analysis, we want to extract metrics in a usable/simple format (e.g. CSV). It's easy to query some metrics, but the tools paid less attention to export multiple metrics joined by timestamp(this can be some scenarios about data analysis, or dev daily report), we are going to build a small tools for this.

- Read the full article -

What is byte-monkey

Byte-Monkey is a small Java library for testing failure scenarios in JVM applications - it works by instrumenting application code on the fly to deliberately introduce faults like exceptions and latency. Original blogpost here.

Original git repo
Forked one to do short-circuit testing

How to use

- Read the full article -