In part1 of the article, I introduced JSON web tokens that what is JWT and How they are made? I prefer to take a look at that before you go through this article. So guys, in this article, we will…

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

In this article, we will discuss the attacking part on JWT, which is the hacker’s favorite part. Abusing None algorithm is used to generate a JWToken. In that case, anyone can create a forge JWT Token and submit it to a resource server because there is no signature available in the token.

Attacks on JSON Web Token (JWT)

🔈 🔈 Infosec Writeups is organizing its first-ever virtual conference and networking event. If you’re into Infosec, this is the coolest place to be, with 16 incredible speakers and 10+ hours of power-packed discussion sessions. Check more details and register here.

<p>Awesome article, very understandable and precise. Congratulations.</p>
