I agree with the author. Is it highly unlikely? Sure, but it's important to create awareness of the risks associated. At the end of the day, you are sending potentially sensitive data to a third party.

Good security posture is all about building habits, and I personally don't want myself or my team being comfortable with the idea of pasting code or JSON config files into a third party system.

If any of these online tools are sending your data to the server, don't use them. You don't know what happens with your data once you send it and accidents happen even if the service has your best interests in mind.

For the ones that are client side, such as JSON-to-go, you can save the client-side code locally, set a bookmark, and use your local version instead.

I keep a copy of CyberChef [0] locally. Can do the majority of the data manipulation I need. Does JWT Decoding / Signing / Verification and JSON Validation / Pretty as well. You can experiment with insignificant data here [1].

[0] https://github.com/gchq/CyberChef

[1] https://gchq.github.io/CyberChef/
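
Added example, not part of the original comment and not CyberChef code: a standard-library Python script that decodes a JWT and checks an HS256 signature entirely offline, so the token never leaves the machine. The key and token are constructed samples, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json


def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))  # restore stripped padding


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_jwt(token):
    """Return (header, payload) WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))


def verify_hs256(token, key):
    """Check an HS256 signature locally; any other alg (including 'none') is rejected."""
    header, _ = decode_jwt(token)
    if header.get("alg") != "HS256":
        return False
    signing_input, _, sig = token.rpartition(".")
    expected = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    try:
        actual = b64url_decode(sig)
    except ValueError:
        return False
    return hmac.compare_digest(expected, actual)  # constant-time comparison


def make_sample_token(key):
    """Build a constructed sample token so the example runs offline."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": "demo-user", "admin": False}).encode())
    signing_input = f"{header}.{payload}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # constructed value, not a real secret
    token = make_sample_token(demo_key)
    print(decode_jwt(token), verify_hs256(token, demo_key))
```

Decoding only reads the claims; treat them as trustworthy only after `verify_hs256` returns `True` with the expected key.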