The Hacker's Guide to JWT Security
Offered By: Devoxx via YouTube
Course Description
Overview
Explore the security risks and best practices of JSON Web Token (JWT) authentication in this 48-minute conference talk from Devoxx. Dive into various vulnerabilities, including confidentiality issues, algorithm and library weaknesses, token cracking, and sidejacking. Watch live demonstrations of user account hijacking through client-side, server-side, and transport exploits. Learn about common mistakes, vulnerabilities, and best practices for implementing JWT authentication and using JWT libraries. Gain insights from Patrycja Wegrzynowicz, a software expert specializing in automated software engineering and Java technologies, as she covers topics such as RFC 7519, io.jsonwebtoken, algorithm selection, hashcat, XSS attack vectors, OWASP recommendations, and basic security hygiene measures.
Syllabus
Intro
About Me
RFC 7519, JSON Web Token
io.jsonwebtoken
Another Library with None Problem
Library API Problem
Why to Require Algorithm and Key?
hashcat
Demo #2, Problems
JWT, Algorithms
JWT, HS Family
XSS Attack Vector
Problems and Solutions
OWASP Token Sidejacking Solution
Basic Hygiene: Timeouts and Logouts
Continuous Learning
Taught by
Devoxx
Related Courses
Intro to Computer Science (University of Virginia via Udacity)
Software Engineering for SaaS (University of California, Berkeley via Coursera)
CS50's Introduction to Computer Science (Harvard University via edX)
UNSW Computing 1 - The Art of Programming (OpenLearning)
Mobile Robotics (Open2Study)