Attacking and Securing JWT - OWASP Foundation

Attacking and Securing JWT

By @airman604 for @OWASPVanouver

$ whoami

JWT

JWT = JSON Web Tokens

Defined in RFC 7519

Extensively used on the web, for example in OpenID Connect

Why people use JWT?

(Somewhat) secure way to exchange authentication information ("claims") Stateless session management, no session cookies Once configured (establishes trust), backend doesn't need to talk to

authorization server

Typical Use

A Closer Look...

................
................

In order to avoid copyright disputes, this page is only a partial summary.

To fulfill the demand for quickly locating and searching documents.

It is intelligent file search solution for home and business.

Literature Lottery

Related download

rfc 8725 json web token best current practices ietf
three new attacks against json web tokens
json web tokens jwt pragmatic web security
jwt security cheatsheet page 1 pentesterlab
json web token jwt based client authentication in message
rfc 9068 json web token jwt profile for oauth 2 0 access
attacking and securing jwt owasp foundation

Attacking and Securing JWT - OWASP Foundation

Token json

To fulfill the demand for quickly locating and searching documents.

Related download

Related searches