How Do I Use JWTs Safely? The Do's and Don'ts

Logo
Presented by

Ira Cherkes Levinshteyn, Senior Software Engineer

About this talk

JSON web tokens (JWTs) are widely used in authentication processes to transfer information in a JSON format while ensuring data integrity. However, just using a JWT is not enough to ensure your information is handled in a secure way. Because JWTs are so simple to use, it's easy to accidentally change the configuration or misuse the data being sent—which can make the application vulnerable even while you're trying to make it secure. In this talk you will learn • What a JWT is and how to avoid common security mistakes when using it • How to properly validate the tokens • Which settings disable the JWT signature and should be avoided • What information should not be sent when creating a JWT

Related topics:

More from this channel

Upcoming talks (20)
On-demand talks (110)
Subscribers (41045)
Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software.