The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for CloudNativeSecurityCon North America 2023 to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
If you use JSON Web Tokens (JWTs) for authentication, handling them securely is your first and last line of defense. However, using JWTs properly can be confusing. Even if you follow the specification, you may still be vulnerable to some attacks. In this talk, Bruce will give a friendly introduction to JWTs and how to work with them in your application. We will cover what is in a JWT and how to make sure you can trust it. Once we understand the basics, Bruce will demonstrate some common pitfalls in signature algorithm confusion and secret brute forcing. Finally, Bruce will cover JWT verification and security that will ensure you can trust your JWTs.
Bruce is a software engineer currently working on infrastructure security and access management. He has experience in a wide range of fields from enterprise software to augmented reality hardware.