Documentation

  1. Best Practice for rate limiting: https://developers.cloudflare.com/waf/rate-limiting-rules/best-practices/

  2. Securing APIs: Express rate limit and slow down:

    https://developer.mozilla.org/en-US/blog/securing-apis-express-rate-limit-and-slow-down/

  3. (OWASP Cheat Sheet Series) JWT for Java:

    https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html

  4. (Auth0 by Okta) Signing Algorithms:

    https://auth0.com/blog/rs256-vs-hs256-whats-the-difference/

  5. (npmjs JSONWEBTOKEN):

    https://www.npmjs.com/package/jsonwebtoken

  6. (How to properly secure your JWT):

    https://www.softwaresecured.com/post/how-to-properly-secure-your-jwts

Video

  1. (Kyle Cook) Web Dev Simplified “JWT Authentication Tutorial”:

    https://www.youtube.com/watch?v=mbsmsi7l3r4

  2. (Kyle Cook) Build Node.js User Authentication - Password Login:

    https://www.youtube.com/watch?v=Ud5xKCYQTjM

  3. (Loi Liang Yang) How Hackers Hack JSON Web Tokens:

    https://www.youtube.com/watch?v=RFKbHrqMiv8

  4. (Auth0) RS256 vs HS256: What's the Difference?

    https://www.youtube.com/watch?v=iSStmRn05nA&t=3s

Tools/Breach:

  1. https://medium.com/@musab_alharany/10-ways-to-exploit-json-web-token-jwt-ac5f4efbc41b
  2. https://github.com/ticarpi/jwt_tool