JWTs: The Good, the Bad, and the Ugly (Security Edition)

  • Tuesday, 02 Apr 2024 10:00AM EDT (02 Apr 2024 14:00 UTC)
  • Speaker: Joshua Barone

JSON Web Tokens (JWTs) are a popular way of securely transmitting information between parties. They have numerous benefits, such as being stateless, easily verifiable, and compatible with many different platforms. However, despite their advantages, JWTs can also present a number of security risks if not properly implemented or used. In this talk, we will explore the good, the bad, and the ugly of JWTs from a security standpoint. We will examine common vulnerabilities and discuss best practices for mitigating these risks. By the end of this talk, attendees will have a better understanding of the potential dangers of JWTs and how to avoid them, as well as a deeper appreciation for the importance of secure token-based authentication.

Learning Objectives:

  • Understand the basics of JSON Web Tokens
    • Define what JSON Web Tokens (JWTs) are
    • Define the standard structure of a JWT
  • Explore the advantages of JWTs
    • Understand the benefits of using JWTs for secure information transfer
    • Understand how JWTs can be used for authentication and authorization
  • Identify security risks associated with JWTs
    • Recognize the potential vulnerabilities in JWTs
    • Understand the different types of attacks against JWTs
  • Understand the types of attacks that are performed on JWTs
    • Learn about token tampering attacks
    • Learn about injection attacks using JWTs
  • Mitigations for JWT security risks
    • Best practices for securing JWTs
    • Understand the importance of verifying signatures and metadata, and using strong encryption
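The structure, tampering and signature/metadata-verification points in the objectives above, as an added example that is not part of the talk or its materials: a minimal HS256 JWT signer and a strict verifier written against the Python standard library only. The verifier pins the algorithm instead of trusting the token header, checks the HMAC with a constant-time comparison, and then checks the `exp`, `iss` and `aud` claims; `demo()` runs it over a valid token and four constructed bad ones (tampered payload, unsigned token, expired token, wrong audience). The key, issuer and audience values are constructed placeholders, not real deployment values.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values (assumptions, not real deployment values).
SECRET = b"constructed-demo-key-do-not-use"
EXPECTED_ISSUER = "https://issuer.example"
EXPECTED_AUDIENCE = "api.example"
PINNED_ALG = "HS256"  # the only algorithm this verifier will accept


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _json_segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Build header.payload.signature with an HMAC-SHA256 signature."""
    signing_input = _json_segment({"alg": PINNED_ALG, "typ": "JWT"}) + "." + _json_segment(claims)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_hs256(token: str, key: bytes, now=None) -> dict:
    """Return the claims only if signature and metadata all check out; raise otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # The algorithm is pinned by the verifier; the header's alg is checked, never obeyed.
    if header.get("alg") != PINNED_ALG:
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    # Only after the signature holds do the claims mean anything.
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("expired or missing exp")
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != EXPECTED_AUDIENCE:
        raise ValueError("wrong audience")
    return claims


def check_token(token: str, key: bytes, now=None):
    """Non-raising wrapper: (accepted, reason)."""
    try:
        verify_hs256(token, key, now)
        return True, "ok"
    except ValueError as exc:
        return False, str(exc)


def demo() -> dict:
    """Run the verifier over one valid and four constructed bad tokens."""
    now = 1_700_000_000  # fixed clock so results are reproducible
    claims = {"sub": "user-123", "iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE,
              "iat": now, "exp": now + 300, "role": "user"}
    good = sign_hs256(claims, SECRET)
    header_b64, payload_b64, sig_b64 = good.split(".")
    # Tampering: payload edited, original signature kept.
    tampered = header_b64 + "." + _json_segment({**claims, "role": "admin"}) + "." + sig_b64
    # Unsigned: header rewritten to alg none, empty signature segment.
    unsigned = _json_segment({"alg": "none", "typ": "JWT"}) + "." + payload_b64 + "."
    expired = sign_hs256({**claims, "exp": now - 1}, SECRET)
    wrong_aud = sign_hs256({**claims, "aud": "other-service"}, SECRET)
    return {
        "valid": check_token(good, SECRET, now),
        "tampered": check_token(tampered, SECRET, now),
        "unsigned": check_token(unsigned, SECRET, now),
        "expired": check_token(expired, SECRET, now),
        "wrong_aud": check_token(wrong_aud, SECRET, now),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} accepted={result[0]!s:5s} reason={result[1]}")
```

The order of checks is the point: the claims are parsed only after the signature has been verified against a verifier-chosen algorithm, so a rewritten header, an edited payload, or a missing signature never reaches the metadata checks, and `exp`, `iss` and `aud` are then enforced rather than merely read.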