Tool · OWASP A02 — Cryptographic Failures
JWT Inspector
Decode and audit JSON Web Tokens. Everything happens in your browser — your tokens never leave the page. Verifies HMAC signatures, flags common misuses (alg:none, kid injection, long lifetimes, sensitive claims), and tries a small list of common secrets.
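The checks listed above can be sketched in a few lines. This is an added example, not the tool's own code: the function names, the sensitive-claim list, the 24-hour lifetime threshold and the sample tokens are all assumptions constructed for illustration, and it uses Node's `crypto` module so it runs offline from the command line.

```javascript
// Added example: minimal JWT audit for HS256 tokens. Names and thresholds are assumptions.
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const hs256 = (input, secret) => createHmac("sha256", secret).update(input).digest();

// Claim names treated as sensitive (assumed list; extend for your own schema).
const SENSITIVE = /^(password|passwd|secret|ssn|credit_?card|api_?key)$/i;
const MAX_LIFETIME_S = 24 * 3600; // assumed threshold for "long lifetime"

function auditJwt(token, secret) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS: expected 3 segments");
  const [h, p, sig] = parts;
  const header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  const payload = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  const findings = [];

  const alg = String(header.alg || "");
  if (alg.toLowerCase() === "none") findings.push("alg-none");
  // kid is attacker-controlled input: flag path or query metacharacters in it.
  if (typeof header.kid === "string" && /[\/\\'";|]|\.\.|--/.test(header.kid)) {
    findings.push("kid-suspicious");
  }
  if (typeof payload.exp !== "number") findings.push("no-exp");
  else if (typeof payload.iat === "number" && payload.exp - payload.iat > MAX_LIFETIME_S) {
    findings.push("long-lifetime");
  }
  for (const k of Object.keys(payload)) {
    if (SENSITIVE.test(k)) findings.push(`sensitive-claim:${k}`);
  }

  // Verify only HS256 and only when a secret is supplied; null means "not checked".
  let signatureValid = null;
  if (alg === "HS256" && secret !== undefined) {
    const expected = hs256(`${h}.${p}`, secret);
    const given = Buffer.from(sig, "base64url");
    signatureValid = given.length === expected.length && timingSafeEqual(given, expected);
  }
  return { header, payload, findings, signatureValid };
}

// Constructed sample tokens (not real credentials).
function makeToken(header, payload, secret) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${secret === undefined ? "" : b64url(hs256(input, secret))}`;
}
const SAMPLE_OK = makeToken({ alg: "HS256", typ: "JWT" }, { sub: "alice", iat: 1700000000, exp: 1700003600 }, "constructed-demo-key");
const SAMPLE_BAD = makeToken({ alg: "none", kid: "../../dev/null" }, { sub: "bob", iat: 1700000000, exp: 1731536000, password: "x" });
```

A `signatureValid` of `null` is deliberately distinct from `false`: an unsigned or non-HS256 token was never verified and must not be treated as accepted.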