Hacking JWTs

Elevator Pitch

JSON Web Tokens are great! Or are they? They’re signed, and self-contained payloads of data, but what could go wrong? Come and find out. Live demos of hackery included.


JWTs are secure; they’re signed; they’re the best thing since sliced bread! So you’ve adopted them into your applications, and feel much safer. The chances that things will go wrong are slim. Right?

This talk will introduce the ways in which JWT implementations can go wrong, together with live demos, and take you on a journey to understand how to make sure you can trust these handy payloads in your applications and APIs.

Get updates in your inbox

I don't send many updates. I don't like to spam. Let's face it - I've not posted many new articles for a while (although I do plan on changing that). If you subscribe to new articles, I'll send no more than two emails a week. As for workshop and conference information, that'll be as and when I have details. It's not likely to be more than an email a week.

Tell me about

* indicates a required field