JWAT… Attacking JSON Web Tokens

Loading Click here to add:
Add to notification list

Nowadays, JSON Web Tokens are everywhere. They are used as session tokens or just to pass data between applications or µservices. By design, JWT contains a high number of security and cryptography pitfalls. In this talk, we are going to learn how to exploit (with demos) some of those issues.


Louis Nyffenegger (PentesterLab)


Louis Nyffenegger is a security engineer based in Melbourne, Australia. He performs pentest, architecture and code review. Louis is the founder of PentesterLab, a learning platform for web penetration testing. Recently, Louis talked at Owasp AppsecDay Melbourne and ran 2 workshops at Defcon 2018.