JWTs: The Good, the Bad, and the Ugly (Security Edition)

  • Tue, Apr 2, 2024
  • 10:00AM - 11:00AM UTC
  • English
  • Joshua Barone
  • Technical Presentation

JSON Web Tokens (JWTs) are a popular way of securely transmitting information between parties. They have numerous benefits, such as being stateless, easily verifiable, and compatible with many different platforms. However, despite their advantages, JWTs can also present a number of security risks if not properly implemented or used. In this talk, we will explore the good, the bad, and the ugly of JWTs from a security standpoint. We will examine common vulnerabilities and discuss best practices for mitigating these risks. By the end of this talk, attendees will have a better understanding of the potential dangers of JWTs and how to avoid them, as well as a deeper appreciation for the importance of secure token-based authentication.

Learning Objectives:

    • Define what JSON Web Tokens (JWTs) are
    • Define the standard structure of a JWT
    • Understand the benefits of using JWTs for secure information transfer
    • Understand how JWTs can be used for authentication and authorization
    • Recognize the potential vulnerabilities in JWTs
    • Understand the different types of attacks against JWTs
    • Learn about token tampering attacks
    • Learn about injection attacks using JWTs
    • Learn best practices for securing JWTs
    • Understand the importance of verifying signatures and metadata, and using strong encryption

Meet the speaker

Joshua Barone

Architect

Joshua Barone has over 10 years of experience as a software developer, specializing in security design and development. He has been developing software for over 20 years, with a focus on simple and secure code.
