Do you really know JWT? by Karim Pinchon

Security

Explore the ins and outs of JSON Web Tokens (JWT), a standard for secure claims representation, and learn best practices for implementation in APIs, web apps, and microservices.

Key takeaways
  • JWT is a standard for representing claims securely between two parties.
  • JWT consists of three parts: header, payload, and signature.
  • The header contains the algorithm used for signing and encoding.
  • The payload contains the claims or data to be transferred.
  • The signature is generated using a private key and used to verify the token.
  • JWT is used for authentication, authorization, and cryptography.
  • Symmetric and asymmetric algorithms are used for signing and encryption.
  • JWT has two implementations: JSON Web Signature (JWS) and JSON Web Encryption (JWE).
  • JWS is used for signing and authentication, while JWE is used for encryption and confidentiality.
  • JWT is used in APIs, web applications, and microservices.
  • JWT has security vulnerabilities, such as unsecured tokens, token tampering, and brute-force attacks.
  • Best practices for using JWT include using symmetric and asymmetric algorithms, validating the signature, and keeping the token compact.
  • JWT can be used for authentication, authorization, and cryptography.
  • JWT is used in OAuth2 and OpenID Connect.

More talks

Safeguarding Privacy and Mitigating Vulnerabilities: Navigating Security Challenges in Generative AI

Google Reimagined a Phone. It was Our Job to Red Team and Secure it.

Supply Chain Security with Go

Managing the Test Data Nightmare - Andrew Knight

SAINTCON 2023 - James Cabe - Building an Isolated Recovery Environment

Protect Your Code with GitHub Security Features • Rob Bos • GOTO 2023

🚀 Securing Your Infrastructure with Vault (Paul Stack)

Unlocking the Web: Exploring WebAuthn & Beyond • Eli Holderness & Mark Rendle