Autoplay
Autocomplete
Previous Lesson
Complete and Continue
JWT Attacks
Introduction
Course Introduction (1:56)
Course Slides and Scripts
Getting Help
Answering Your Questions (3:11)
Join the Discord Server
Lab Environment Setup
Lab Environment Setup (7:21)
Step-by-Step Guide
JWT Attacks - Technical Deep Dive
Agenda (1:15)
Introduction to JWTs (11:06)
What are JWT Vulnerabilities (4:32)
How to Find & Exploit JWT Vulnerabilities (30:09)
How to Secure JWTs (9:05)
Resources (1:13)
Hands-On JWT Attacks Labs
Lab #1 JWT authentication bypass via unverified signature (35:55)
Lab #2 JWT authentication bypass via flawed signature verification (38:05)
Lab #3 JWT authentication bypass via weak signing key (14:10)
Lab #4 JWT authentication bypass via jwk header injection (9:38)
Lab #5 JWT authentication bypass via jku header injection (10:20)
Lab #6 JWT authentication bypass via kid header path traversal (10:41)
Lab #7 JWT authentication bypass via algorithm confusion (13:28)
Lab #8 JWT authentication bypass via algorithm confusion with no exposed key (22:11)
Thank You!
Thank You!
Join the Discord Server
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock