Abusing JWT (JSON Web Tokens) – Sven Morgenroth – PSW #673

November 6, 2020

Learn how JWTs are implemented, both the correct way and the insecure way. Spoiler alert, most implement them insecurely. Sven will also show you some of the common attacks against JWTs, for use in your next penetration test, bug bounty, or conversation with your developers!

This segment is sponsored by Netsparker.

Visit https://securityweekly.com/netsparker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Abusing JWT (JSON Web Tokens)

Link to view Sven’s slide deck: https://securityweekly.com/psw-673-json-web-token-security-sven-morgenroth-netsparker/

Hosts

  • Doug White - Professor
  • Lee Neely - Senior Cyber Analyst
  • Paul Asadoorian - Founder & CTO
  • Tyler Robinson - Managing Director of Network Operations

Guests

  • Sven Morgenroth - Security Researcher

Announcements

  • Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This one-day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly, live on YouTube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!

Audio: http://traffic.libsyn.com/sw-all/PSW_673-_Sven_M_Netsparker-0_converted.mp3