May 3, 2021

JSON Web Tokens – Attack and Defense

In this blog, we will learn about JSON Web Tokens and the advantages of using them over traditional methods of authorization and authentication. We will then look at the ways a malicious adversary can attack JWT implementations and learn how to prevent such pitfalls.

What is JWT?

JSON Web Tokens (JWT) are JSON objects defined by an open standard (RFC 7519). A JSON Web Token is a standard format used to securely transfer information between two parties.

The structure of a JWT consists of three parts separated by dots (.), each Base64-encoded.

JWTs are used as tokens for authorization requests. The server generates a token for a user and sends it to the client. The client then requests data and authorized features from the server using the JWT, and the server responds with the relevant information after validating the token.

Advantages of using JWT

Hacking JWT

Though JWTs provide many advantages over session cookies, they are vulnerable to misconfiguration-based attacks. A JWT is only as good as the way it has been implemented. The following attacks can arise from a bad implementation:

Securing JWT Hacks

To make sure implementation-based attacks are not possible, the following prevention techniques can be used:

Author: Sushma Ahuja
