DevConf.US 2022 has ended

DevConf.US 2022 is the 5th annual, free, Red Hat sponsored technology conference for community project and professional contributors to Free and Open Source technologies, coming to Boston this August!
Thursday, August 18 • 10:30 - 10:55
Using JWT safely: the do's and don'ts

JSON Web Tokens (JWTs) have become widely used in authentication processes to transfer information in JSON format while ensuring data integrity. However, merely using a JWT is not enough to ensure your information is handled securely. Because JWTs are so simple, it is easy to change the configuration or misuse the data that is sent, creating a potentially vulnerable application while believing it is totally secure.
This talk will explain what JWTs are and how to avoid common security mistakes when using them. We will discuss proper token validation, settings that disable the JWT signature and should be avoided, and what information should not be sent when creating JWTs.

Ira Cherkes Levinshteyn

Senior Software Engineer, Synopsys
Ira is a senior software engineer working on Seeker, the Interactive Application Security Testing solution from Synopsys. Ira's experience is diverse - she has a BA in Computer Science, a BSc in Biochemistry, and an MSc in Quantum Mechanics and she is now back to the Cybersecurity field...

Thursday August 18, 2022 10:30 - 10:55 EDT
Conference Auditorium