February 1-2, 2023 | Seattle, WA

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for CloudNativeSecurityCon North America 2023 to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Thursday, February 2 • 11:50am - 12:25pm
Handling JWTs: Understanding Common Pitfalls - Bruce MacDonald, InfraHQ

If you use JSON Web Tokens (JWTs) for authentication, handling them securely is your first and last line of defense. However, using JWTs properly can be confusing. Even if you follow the specification, you may still be vulnerable to some attacks. In this talk, Bruce will give a friendly introduction to JWTs and how to work with them in your application. We will cover what is in a JWT and how to make sure you can trust it. Once we understand the basics, Bruce will demonstrate some common pitfalls in signature algorithm confusion and secret brute forcing. Finally, Bruce will cover JWT verification and security that will ensure you can trust your JWTs.

Bruce MacDonald

Software Engineer, InfraHQ
Bruce is a software engineer currently working on infrastructure security and access management. He has experience in a wide range of fields from enterprise software to augmented reality hardware.

Thursday February 2, 2023 11:50am - 12:25pm PST
Room 608
  101 Track
  • Content Experience Level: Any
  • Presentation Slides Attached: Yes