# Web Sec

+ JWT Attacks
  + Not verifying signatures
  + Accepting without signatures
  + Weak secret
  + Self signed JWK parameters
+ File Uploads
  + Extension bypass
  + User uploadable folder
  + Configuration file upload
+ Information Disclosure
+ SQL Injection
  + In band
    + Error based
    + Union based
  + Boolean based
  + Time-based
  + Out-of-band
+ Cross-Site Scripting
  + Types: Stored, DOM-based, Reflected
  + Prevention:
    + CSP