JWAT… Attacking JSON Web Tokens

Loading
Loading Click here to add:
Add to notification list

Nowadays, JSON Web Tokens are everywhere. They are used as session tokens or just to pass data between applications or µservices. By design, JWT contains a high number of security and cryptography pitfalls. In this talk, we are going to learn how to exploit (with demos) some of those issues.

Speaker

Louis Nyffenegger (PentesterLab)

Bio

Louis Nyffenegger is a security engineer based in Melbourne, Australia. He performs pentest, architecture and code review. Louis is the founder of PentesterLab, a learning platform for web penetration testing. Recently, Louis talked at Owasp AppsecDay Melbourne and ran 2 workshops at Defcon 2018.