Attacking and Securing JWT - OWASP