»Practical Approaches for Testing and Breaking JWT Authentication«
2019-05-16, 12:00–12:40, Main Hall
A walk-through of approaches for testing and breaking JWT authentication.
JWT (JSON Web Token, RFC 7519) is a popular token format for stateless authentication: the issuer signs a set of claims, and any party holding the verification key can check them without keeping server-side session state. It has become widely used in recent years because of its simplicity, its performance, and the security it provides when implemented correctly.
The format is well suited to session management, authentication and authorization. However, a single mistake in how tokens are issued or verified can lead to the compromise of the entire application.
In my presentation, I will show common implementation weaknesses observed in the wild, how to test and break JWT authentication, as well as demonstrate practical approaches for securing JWT against each described attack. In addition, I will release an open-source toolkit for testing JWT in modern applications.
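As an added illustration of the "single mistake" warning above and of the kind of implementation weakness and test the talk refers to, the following Python is example code written for this page, not the speaker's toolkit or any library's code. It shows one well-known class of JWT verification bug, which the abstract does not name: a verifier that obeys the `alg` the token itself declares, so an unsigned `"alg":"none"` token passes, beside a verifier that pins the algorithm server-side. The secret, claims and tokens are constructed for the demo, and the HS256 signing routine is a minimal hand-rolled one so the example runs offline with only the standard library.

```python
"""Added example: vulnerable vs. pinned JWT HS256 verification (not from the talk)."""
import base64
import hashlib
import hmac
import json

SECRET = b"demo-secret-do-not-use"  # constructed for the example


def b64url_encode(data: bytes) -> str:
    # JWT uses unpadded base64url (RFC 7515, section 2)
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Issue a token the way a correct server would: HS256 over header.payload."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_trusting_header(token: str, secret: bytes):
    """Vulnerable: dispatches on whatever 'alg' the token declares.
    Returns the claims if accepted, else None."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    alg = header.get("alg")
    if alg == "none":
        return json.loads(b64url_decode(p))  # accepts an unsigned token
    if alg == "HS256":
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, b64url_decode(s)):
            return json.loads(b64url_decode(p))
    return None


def verify_pinned(token: str, secret: bytes):
    """Hardened: the server decides the algorithm; the header is checked, never obeyed.
    Returns the claims if accepted, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":
        return None  # 'none', RS256, anything else is rejected outright
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return None
    return json.loads(b64url_decode(p))


def forge_alg_none(token: str, changes: dict) -> str:
    """Attacker's test: copy the payload of a real token, change claims,
    set alg=none and drop the signature. No key needed."""
    _, p, _ = token.split(".")
    claims = json.loads(b64url_decode(p))
    claims.update(changes)
    header = b64url_encode(b'{"alg":"none","typ":"JWT"}')
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header}.{payload}."


def demo() -> dict:
    """Run the legitimate and the forged token through both verifiers."""
    legit = sign_hs256({"sub": "alice", "admin": False}, SECRET)
    forged = forge_alg_none(legit, {"admin": True})
    return {
        "legit_pinned": verify_pinned(legit, SECRET),
        "forged_trusting": verify_trusting_header(forged, SECRET),
        "forged_pinned": verify_pinned(forged, SECRET),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The forged token carries `admin: true` and an empty signature; the header-trusting verifier accepts it, the pinned verifier rejects it and still accepts the legitimately signed token. The same pinning rule is what a real verifier should apply: decide the algorithm and key from server configuration, and treat the token's header as untrusted input to be checked against that decision.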