Pen testing

Abusing JWT (JSON Web Tokens) – Sven Morgenroth – PSW #673

November 6, 2020

Sponsored By

sponsor Visit for more information!

Learn how JWTs are implemented, both the correct way and the insecure way. Spoiler alert, most implement them insecurely. Sven will also show you some of the common attacks against JWTs, for use in your next penetration test, bug bounty, or conversation with your developers!

This segment is sponsored by Netsparker.

Visit to learn more about them! Visit for all the latest episodes!

Full Episode Show Notes

Abusing JWT (JSON Web Tokens)

Link to view Sven’s slide deck:


[caption id="attachment_210" align="alignleft" width="120"]Doug White Doug White - Professor[/caption] [caption id="attachment_210" align="alignleft" width="120"]Lee Neely Lee Neely - Senior Cyber Analyst [/caption] [caption id="attachment_210" align="alignleft" width="120"]Paul Asadoorian Paul Asadoorian - Founder & CTO[/caption] [caption id="attachment_210" align="alignleft" width="120"]Tyler Robinson Tyler Robinson - Managing Director of Network Operations[/caption]


[caption id="attachment_210" align="alignleft" width="120"]Sven Morgenroth Sven Morgenroth - Security Researcher [/caption]


  • Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This 1 day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on Youtube! Visit to view the agenda and register for free!

[audio src=""]
prestitial ad