- Decode all JWTs and examine the `alg` header
- Test `"alg": "none"` with an empty signature
- If RS256, test algorithm confusion to HS256
- Test `jku` and `x5u` header injection
- Test `kid` parameter for injection
- Verify claim validation (exp, nbf, iss, aud)
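What a verifier that passes every item on this checklist looks like, as an added example that is not code from the original page. It assumes an HS256-only service; the key, `kid` value, issuer and audience are constructed placeholders.

```python
import base64, hashlib, hmac, json, time

# Constructed configuration for the example (assumptions, not from the page).
KEYS = {"key-2024": b"constructed-demo-secret"}  # allowlisted kid -> HMAC key
ALG, ISS, AUD = "HS256", "https://issuer.example", "api.example"

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(header, claims, key):
    """Build a constructed sample token so the verifier can be exercised."""
    body = b64e(json.dumps(header).encode()) + "." + b64e(json.dumps(claims).encode())
    return body + "." + b64e(hmac.new(key, body.encode(), hashlib.sha256).digest())

def verify(token, now=None):
    """Return the claims, or raise ValueError naming the check that failed."""
    now = time.time() if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header, claims, sig = json.loads(b64d(h64)), json.loads(b64d(p64)), b64d(s64)
    except Exception:
        raise ValueError("malformed token")
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    # alg is pinned by the verifier, so "none" and an RS256/HS256 swap both fail here.
    if header.get("alg") != ALG:
        raise ValueError("unexpected alg")
    # Key material is never fetched from a location named inside the token.
    if "jku" in header or "x5u" in header:
        raise ValueError("jku/x5u not accepted")
    # kid is only an exact-match lookup key, never part of a path or query.
    kid = header.get("kid")
    key = KEYS.get(kid) if isinstance(kid, str) else None
    if key is None:
        raise ValueError("unknown kid")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    aud = claims.get("aud")
    if claims.get("iss") != ISS or AUD not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong iss or aud")
    exp, nbf = claims.get("exp"), claims.get("nbf", 0)
    if not isinstance(exp, (int, float)) or not isinstance(nbf, (int, float)):
        raise ValueError("bad exp or nbf")
    if now >= exp or now < nbf:
        raise ValueError("outside validity window")
    return claims
```

Each `ValueError` message maps to one checklist item, so a token that gets through a deployed verifier where this one raises points at the control that is missing.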