Company:
Date Published:
Author: Detectify
Word count: 778
Language: -
Hacker News points: None

Summary

Detectify has introduced new vulnerability tests for OAuth API authorization that focus on JWT tokens, covering critical issues such as algorithm confusion and other common misconfigurations. Unlike many vendors that rely on open-source tools, Detectify has developed a proprietary API scanning engine that uses dynamic payloads, so each scan runs unique, randomized tests that can uncover vulnerabilities static checks would miss. This approach supports testing at massive scale while keeping results reproducible: a "seed" system, akin to generating a specific world in Minecraft, lets any finding be regenerated and verified, so results stay actionable. The engine, built by Detectify's internal security research team, emphasizes exploitability and high-fidelity results, reducing the false positives and noise often produced by general-purpose open-source tools. Tailored for modern application architectures, Detectify's scanner not only detects high- and critical-severity vulnerabilities but also flags issues such as misconfigured JWT tokens and missing security headers, providing coverage that matches the specific needs of AppSec teams.