JWT Attacks
http://portswigger.net/web-security/jwt
In this section, we'll look at how design issues and flawed handling of JSON web tokens (JWTs) can leave websites vulnerable to a variety of high-severity attacks. As JWTs are most commonly used in authentication, session management, and access control mechanisms, these vulnerabilities can potentially compromise the entire website and its users.
Don't worry if you're not familiar with JWTs and how they work - we'll cover all of the relevant details as we go. We've also provided a number of deliberately vulnerable labs so that you can practice exploiting these vulnerabilities safely against realistic targets.