Advanced Web Application Penetration Testing JWT Security Issues
Presented by: Adrien de Beaupré
JWTs are an important part of how modern APIs are used; they assert your identity to the application. You will see them in SOAP, REST, and GraphQL. Many decisions about authorization and access are based on the claims contained within the JWT. If there are vulnerabilities within the framework used to create them, or in implementation decisions, the impact can be high.
In this webcast, I will discuss how JWTs are generated and used. Security issues can include information disclosure, authentication bypass, authorization control bypass, password cracking, JWT reuse, algorithms such as None, and algorithm exchange. I will demonstrate the None algorithm attack, cracking the secret key used to sign the JWT, and algorithm exchange.