JSON Web Tokens (JWTs) are a popular way of securely transmitting information between parties. They have numerous benefits, such as being stateless, easily verifiable, and compatible with many different platforms. However, despite their advantages, JWTs can also present a number of security risks if not properly implemented or used. In this talk, we will explore the good, the bad, and the ugly of JWTs from a security standpoint. We will examine common vulnerabilities and discuss best practices for mitigating these risks. By the end of this talk, attendees will have a better understanding of the potential dangers of JWTs and how to avoid them, as well as a deeper appreciation for the importance of secure token-based authentication.
Learning Objectives:
- Define what JSON Web Tokens (JWTs) are
- Define the standard structure of a JWT
- Understand the benefits of using JWTs for secure information transfer
- Understand how JWTs can be used for authentication and authorization.
- Recognize the potential vulnerabilities in JWTs
- Understand the different types of attacks against JWTs
- Learn about token tampering attacks
- Learn about injection attacks using JWTs
- Best practices for securing JWTs
- Understand the importance of verifying signatures and metadata, and using strong encryption
