Using and Abusing JWTs: The road to authentication bypass
Format: workshop
Date: 2024-09-10
Duration: 240 minutes
Venue: Base42
JSON Web Tokens are everywhere - you are using a bunch of them right now. They are such a common technology, yet they are very easy to get wrong. In this workshop, we get to the nitty-gritty of JWTs - what they are, how they work, and how to make sure that we haven’t made an app that is just waiting to be hacked.
The workshop’s goal is to make developers and security teams aware of the pitfalls accompanying JWTs by delving deep into scenarios from real cases where JWTs were used improperly, making them susceptible to hacking. In our experience, improper implementation of JWTs is extremely commonplace, since JWTs are often associated with magical thinking, i.e. “I’m using JWTs and I’m secure”.
JWTs are a powerful tool, and like all powerful tools they should be used carefully, with a full understanding of what they do and how to stay safe while using them.