JSON Web Token Security

// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers.
Comments
Author

It is amazing that there are educational tools like bogus webpages and videos to teach or train newcomers in the concept of hacking, unlike before. Over the decades, technology and techniques have evolved so much that it feels daunting for newcomers to survive the steep learning curve. Though some techniques may not work in the current state, these tools help to smooth the learning curve and, hopefully, will attract more new blood to the field of cyber security.

eric
Author

After reading only the "Thumbnail", the title, and the first 6 seconds, I have to say: "Thank you"! I get to do that every time I go to the grocery store or look into any catalog!

crayfish
Author

I'm guessing this works on applications that don't actually validate the token.

sailorm
Author

watching your vids with my new iphone, you are the best

deadshot
Author

Great video! Short, sweet, to the point, and loaded with great practical information!!

TobyArnett
Author

This is great and all but most secure applications will not use the alg header to determine what algorithm to check the signature with, and they will check the signature with a predefined algorithm rejecting any claims in the JWT if the signature doesn't match the content of the token. So this would work on apps developed and not updated before 2015 I think.

salientExtract
Author

This was incredibly interesting to watch, thank you!

stolenkey
Author

Thanks, you helped me learn how to program websites more securely.

solelgammal
Author

If you validate the token it won't work. These tokens are not there to ensure the data is right, but they are there to ensure that the data is valid by providing the data, key and a token. The server computes the token from the data and compares it to the token sent with the JWT. If you don't validate this in your application, you can use any data.

dermuschelschluerfer
Author

Hello, Awesome Video. Please make another one about sessionids

Abasalt_Yar
Author

Not sure what you were doing here. You changed the JWT, so how could it pass the server JWT verification? The server will use a key and salt to decode the token; if you do not put a signature, it won't pass.

hfqxcle
Author

I learned tons about the JWT token in this concise video that I didn't know before! Thanks for the hard work; Keep it up!!

Warlock
Author

Thanks for educating the community. Waiting for more...

yaserbasaad
Author

gonna get 2 pairs of ipad pro, imac, earpods, zara, 1gbps annual pack, 1 bitcoin{at least}

guys, i just wanna tell you that Dreams come true!

ZAMislive
Author

Excellent tutorial, but it won't work on present-day websites, at least most of them. Could work on a few.

SECYBERSAFE
Author

If the JWT is generated with a private key and public key, is that vulnerable?

bryanmichaelzapatacapcha
Author

please make more videos and guide us more about check out or payment methods

professorummarsheikh
Author

Sir, can you make a video about WebGoat, a full tutorial on how to use it, please?

anonymousnothing
Author

Thanks a Ton for Giving Such a Great Content for Us.

CyberBoy_
Author

Can you pls give the list of names of books that are lying on your table at 0:19?

Mike-kqyc