How Do I Use JWTs Safely? The Do's and Don'ts

Presented by Ira Cherkes Levinshteyn, Senior Software Engineer

About this talk

JSON Web Tokens (JWTs) are widely used in authentication flows to carry claims as JSON, with a signature that lets the receiving service check that those claims have not been altered in transit. Using a JWT is not by itself enough to handle that information securely. Because JWTs are so simple to use, it is easy to change a configuration setting or misuse the data being sent in a way that leaves the application vulnerable even while you are trying to secure it.

In this talk you will learn:
• What a JWT is and how to avoid common security mistakes when using it
• How to properly validate the tokens (signature first, then the claims)
• Which settings disable signature verification and should be avoided
• What information should not be placed in a JWT's claims when creating it
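As an added example (not code from the talk), the following Python hand-rolls HS256 with the standard library so it runs offline, and contrasts a verifier that honours whatever `alg` the token header claims with one that pins an algorithm allow-list, verifies the signature in constant time, and only then checks `exp`, `nbf`, `iss` and `aud`. The key, issuer, audience and claim values are constructed for the demo; in production use a maintained JWT library and still configure the algorithms you accept.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for this example; a real service reads them from config.
ALLOWED_ALGS = {"HS256"}               # allow-list: the token header never chooses
EXPECTED_ISS = "https://issuer.example"
EXPECTED_AUD = "orders-api"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_json(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def mint(claims: dict, key: bytes) -> str:
    """Issue an HS256 token. Claims are only encoded, not encrypted: never put secrets in them."""
    signing_input = _encode_json({"alg": "HS256", "typ": "JWT"}) + "." + _encode_json(claims)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def forge_unsigned(claims: dict) -> str:
    """What an attacker sends: alg=none and an empty signature segment."""
    return _encode_json({"alg": "none", "typ": "JWT"}) + "." + _encode_json(claims) + "."


def verify_unsafe(token: str, key: bytes) -> dict:
    """The classic mistake: let the header pick the algorithm, so 'none' skips the check."""
    h, p, s = token.split(".")
    header = json.loads(_b64url_decode(h))
    if header.get("alg") == "none":
        return json.loads(_b64url_decode(p))          # accepted without any signature
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(p))


def verify(token: str, key: bytes, now=None, leeway: int = 30) -> dict:
    """Hardened check: pin the algorithm, verify the signature, then validate the claims."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    try:
        header = json.loads(_b64url_decode(h))
    except (ValueError, TypeError) as exc:
        raise ValueError("undecodable header") from exc
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError(f"algorithm not allowed: {header.get('alg')!r}")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):   # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))          # payload is trustworthy only from here on
    if "exp" not in claims:
        raise ValueError("exp claim missing")
    if now > claims["exp"] + leeway:
        raise ValueError("token expired")
    if now < claims.get("nbf", 0) - leeway:
        raise ValueError("token not yet valid")
    if claims.get("iss") != EXPECTED_ISS:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if aud != EXPECTED_AUD and not (isinstance(aud, list) and EXPECTED_AUD in aud):
        raise ValueError("audience mismatch")
    return claims


def _outcome(fn, *args, **kwargs) -> str:
    try:
        return "accepted:" + fn(*args, **kwargs)["sub"]
    except ValueError as exc:
        return "rejected:" + str(exc)


def demo(now: int = 1_700_000_000) -> dict:
    """Run a good token and three attacks (alg=none, tampered payload, expired) through both verifiers."""
    key = b"constructed-demo-key-do-not-reuse"
    base = {"iss": EXPECTED_ISS, "aud": EXPECTED_AUD, "iat": now, "exp": now + 600}
    good = mint({**base, "sub": "alice"}, key)
    forged = forge_unsigned({**base, "sub": "admin"})
    h, _, s = good.split(".")
    tampered = h + "." + _encode_json({**base, "sub": "mallory"}) + "." + s
    expired = mint({**base, "sub": "alice", "exp": now - 3600}, key)
    return {
        "good": _outcome(verify, good, key, now=now),
        "unsafe_none": _outcome(verify_unsafe, forged, key),
        "safe_none": _outcome(verify, forged, key, now=now),
        "tampered": _outcome(verify, tampered, key, now=now),
        "expired": _outcome(verify, expired, key, now=now),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12} {result}")
```

The order inside `verify` is the point: nothing from the payload is read until the algorithm has been checked against the allow-list and the signature has been verified, so an attacker-controlled header cannot steer the verifier into skipping the check.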
Black Duck® offers the most comprehensive, powerful, and trusted portfolio of application security solutions in the industry. We have an unmatched track record of helping organizations around the world secure their software quickly, integrate security efficiently in their development environments, and safely innovate with new technologies. As the recognized leaders, experts, and innovators in software security, Black Duck has everything you need to build trust in your software. As of October 1, 2024 the Synopsys Software Integrity Group is now Black Duck®