Application security

Abusing JWT (JSON Web Tokens) – Sven Morgenroth – PSW #673

Learn how JWTs are implemented, both the correct way and the insecure way. Spoiler alert, most implement them insecurely. Sven will also show you some of the common attacks against JWTs, for use in your next penetration test, bug bounty, or conversation with your developers!

This segment is sponsored by Netsparker.

Visit https://securityweekly.com/netsparker to learn more about them!

Sponsored By

Netsparker
Full episode and show notes

Announcements

  • Tomorrow is the big day! The virtual doors open for the first-ever Security Weekly Unlocked virtual event at 10:30am and the last round table should end around 9:30pm! We have an outstanding line-up of presenters, who will be answering questions LIVE in our Discord server during their presentations! Make sure you register for this FREE event before it's too late! Visit https://securityweekly.com/unlocked to view the line-up and register!

Guest

Sven Morgenroth
Sven Morgenroth
Security Researcher at Netsparker

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome’s XSS auditor and several web application firewalls. He likes to exploit vulnerabilities in creative ways and has hacked his smart TV without even leaving his bed. Sven writes about web application security and documents his research on the Netsparker blog.

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
Doug White
Doug White
Professor at Roger Williams University
Lee Neely
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
Tyler Robinson
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element
prestitial ad