Three New Attacks Against JSON Web Tokens

  Рет қаралды 6,852

Black Hat

Black Hat

Күн бұрын

JSON Web Tokens (JWTs) have become omnipresent tools for web authentication, session management and identity federation. However, some have criticized JWT and associated Javascript Object Signing and Encryption (JOSE) standards for cryptographic design flaws and dangerous levels of unnecessary complexity. These have arguably led to severe vulnerabilities such as the well-known "alg":"none" attack....
By: Tom Tervoort
Full Abstract and Presentation Materials: www.blackhat.c...

Пікірлер
Evading Logging in the Cloud: Bypassing AWS CloudTrail
26:02
Black Hat
Рет қаралды 4 М.
Une nouvelle voiture pour Noël 🥹
00:28
Nicocapone
Рет қаралды 9 МЛН
IL'HAN - Qalqam | Official Music Video
03:17
Ilhan Ihsanov
Рет қаралды 700 М.
To Brawl AND BEYOND!
00:51
Brawl Stars
Рет қаралды 17 МЛН
JSON Web Tokens Suck
53:14
ForwardJS
Рет қаралды 10 М.
Phishing 2.0 - Detecting Evilginx, EvilnoVNC, Muraena and Modlishka
46:05
Cookie Crumbles: Unveiling Web Session Integrity Vulnerabilities
28:17
Event-Driven Architecture (EDA) vs Request/Response (RR)
12:00
Confluent
Рет қаралды 177 М.
Cracking JSON Web Tokens
14:34
The Cyber Mentor
Рет қаралды 60 М.