Session
Using JWT safely: the do's and don'ts
JSON Web Tokens (JWTs) became widely used in authentication processes to transfer information in a JSON format while ensuring data integrity. However merely using a JWT is not enough to ensure your information is handled in a secure way. Due to its simplicity, it is common to change the configuration or misuse the data that is sent, thus building a vulnerable application while thinking it's perfectly secure.
In this talk you will learn what a JWT is and how to avoid common security mistakes when using it. We will discuss proper validation of the tokens, settings that disable the JWT signature and should be avoided, and what information should not be sent when creating a JWT.
Ira Cherkes Levinshteyn
Senior Software Engineer, Synopsys.
Reẖovot, Israel
Links
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top