Three New Attacks Against JSON Web Tokens

Three New Attacks Against JSON Web Tokens

Tom Tervoort

#BHUSA @BlackHatEvents

Speaker intro

#BHUSA @BlackHatEvents

Outline

1. Background

- Transferring identity claims - JSON Web Tokens - Prior attacks - Criticisms

2. New attacks

- Sign/encrypt confusion - Polyglot token - Billion hash attack

3. Takeaways

#BHUSA @BlackHatEvents

Background

#BHUSA @BlackHatEvents

Transferring identity claims

Classic (stateful) approach

#BHUSA @BlackHatEvents

................
................

In order to avoid copyright disputes, this page is only a partial summary.

To fulfill the demand for quickly locating and searching documents.

It is intelligent file search solution for home and business.

Literature Lottery

Related download

rfc 8725 json web token best current practices ietf
three new attacks against json web tokens
json web tokens jwt pragmatic web security
jwt security cheatsheet page 1 pentesterlab
json web token jwt based client authentication in message
rfc 9068 json web token jwt profile for oauth 2 0 access
attacking and securing jwt owasp foundation

Three New Attacks Against JSON Web Tokens

Token json

To fulfill the demand for quickly locating and searching documents.

Related download

Related searches