Attacking and Defending JWT Tokens - The Ultimate Guide

Explore the world of JWT tokens in this comprehensive conference talk by Leo Juszkiewicz from Palo Alto Networks. Delve into the fundamentals of JWT tokens, including their functionality, historical context, and rise to prominence as a leading authentication mechanism in modern web applications. Discover how inadequate JWT verification methods can lead to authentication bypass vulnerabilities. Gain in-depth technical knowledge of common exploitation techniques and tactics, illustrated with real-world examples of successful attacks resulting in full account takeovers. Examine statistics and learn best practices for developers to effectively test, remediate, and validate JWT token security. Equip yourself with the ultimate guide to both attacking and defending JWT tokens in container-based web applications.

Attacking and Defending JWT Tokens: The Ultimate Guide - Leo Juszkiewicz, Palo Alto Networks