JWAT… Attacking JSON Web Tokens
Loading
0 %
| Key | Action |
|---|---|
| K or space | Play / Pause |
| M | Mute / Unmute |
| C | Select next subtitles |
| A | Select next audio track |
| V | Show slide in full page or toggle automatic source change |
| left arrow | Seek 5s backward |
| right arrow | Seek 5s forward |
| shift + left arrow or J | Seek 10s backward |
| shift + right arrow or L | Seek 10s forward |
| control + left arrow | Seek 60s backward |
| control + right arrow | Seek 60s forward |
| shift + down arrow | Decrease volume |
| shift + up arrow | Increase volume |
| shift + comma | Decrease playback rate |
| shift + dot or shift + semicolon | Increase playback rate |
| end | Seek to end |
| beginning | Seek to beginning |
You can right click on slides to open the menu
Share this media
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video streamInformation on this media
Links:
Creation date:
July 2, 2019Number of views:
161Speakers:
Louis NyffeneggerCompany:
PentesterLabLicense:
CC BY-SA v4Description
Nowadays, JSON Web Tokens are everywhere. They are used as session tokens or just to pass data between applications or µservices. By design, JWT contains a high number of security and cryptography pitfalls. In this talk, we are going to learn how to exploit (with demos) some of those issues.
Speaker
Louis Nyffenegger (PentesterLab)
Bio
Louis Nyffenegger is a security engineer based in Melbourne, Australia. He performs pentest, architecture and code review. Louis is the founder of PentesterLab, a learning platform for web penetration testing. Recently, Louis talked at Owasp AppsecDay Melbourne and ran 2 workshops at Defcon 2018.
Other media in the channel "2019"
966 views, 3 this monthPatrOwl - Orchestrating SecOps with an open-source SOAR platformJuly 3rd, 2019
135 viewsBetter curl !July 3rd, 2019
78 views, 3 this monthManaging a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and ZabbixJuly 3rd, 2019
32 viewsNo IT security without Free SoftwareJuly 3rd, 2019
33 views, 1 this monthD4 Project - Design and Implementation of an Open Source Distributed and Collaborative Security MonitoringJuly 3rd, 2019
15 viewsProgramming research, a missed opportunity for secure and libre software?July 3rd, 2019