AppSec California 2020, January 21-24 at the Annenberg Beach House, Santa Monica, CA
Back To Schedule
Friday, January 24 • 2:10pm - 3:00pm
Are You Properly Using JWTs?

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
JSON Web tokens (JWTs) are used massively in API-based applications as access tokens or to transport information across services. Unfortunately, JWT are often mis-used and incorrectly handled. Massive data breaches have occurred in the last 18 months due to token leakage and lack of proper of validation.

This session focuses on best practices and real world examples of JWT usage, where we cover:

- Typical scenarios where using JWT is a good idea
- Typical scenarios where using JWT is a bad idea!
- Principles of Zero trust architecture and why you should always validate
- Best practices to thoroughly validate JWTs and potential vulnerabilities if you don’t.
- Use cases when encryption may be required for JWT

avatar for Dmitry Sotnikov

Dmitry Sotnikov

Chief Product Officer, 42Crunch
Dmitry Sotnikov serves as Chief Product Officer at 42Crunch – an enterprise API security company – and is curator of APISecurity.io, a popular community site with daily API Security news and weekly newsletter on API vulnerabilities, breaches, standards, best practices, regulations... Read More →

Friday January 24, 2020 2:10pm - 3:00pm PST
Club Room