Questions tagged [json]

JSON (JavaScript Object Notation) is an open standard for encoding data in both human-readable and machine-readable form, usually for transmission to or from a web API. Use this tag for security issues relating to the format itself, or where the fact that the data is JSON-formatted is core to the question. For questions about web APIs where the security issue does not depend on the data format, please use [api].


126 questions
6 votes, 1 answer

Why does OWASP recommend to never return JSON arrays not wrapped in objects?

AJAX Security Cheat Sheet § Always return JSON with an Object on the outside says: Always have the outside primitive be an object for JSON strings: Exploitable: [{"object": "inside an array"}] Not exploitable: {"object": "not inside an array"} Also…
gaazkam
4 votes, 1 answer

Is JSON Hijacking different than JSONP injection?

I am quite confused while understanding these two vulnerabilities. How are JSONP-related vulnerabilities different from JSON Hijacking?
PenGeek
2 votes, 1 answer

How to Protect JSON Data

Hi, I am using JSON on the User Interface side. I want to protect that data. What are the possible ways I can protect my JSON? I have a scenario where I have a JSON object with data on the User Interface side. While performing an update operation using…
Utsav
2 votes, 4 answers

Securing JSON? Is it justifiable to return HTML code instead of JSON to prevent copycats?

On one website I had to manually enter first-hand data, which is a really tiresome job. I am concerned that if I return such data in JSON, it would be too easy to parse and incorporate into others' databases, rendering my previous effort futile. In this case…
StCee
1 vote, 1 answer

How to exploit escapable JSON parameters

I have an HTML page with this bit of code in it:
So where it says redacted, there are a lot of…
Jack
0 votes, 4 answers

How to protect JSON

Hi, I am working with JSON. I want to protect my JSON. I am getting JSON on the User Interface side by a service call using jQuery. Is there some mechanism by which the JSON which I am returning from my service is encrypted JSON and when I am…
Utsav