Best of JWT: October 2022

  1. Article
    InfoSec Write-ups · 3y

    JSON Web Tokens

    Each JWT is additionally signed using cryptography (hashing) to ensure that the contents of the JWT cannot be changed by the client or an unsavory party. The JWT will be delivered as a parameter or authorization header from the user agent whenever the user tries to access a protected resource, such as an API or a protected route.

  2. Article
    LogRocket · 3y

    Creating social logins in NestJS

    The NestJS application can easily be applied to other social platforms, such as Facebook, Google, etc. We’ll then learn how to protect private routes using guards and various authentication and authorization mechanisms provided in NestJS. The first one is authenticating a user through GitHub. Go ahead and install the Passport library and the library for the Passport GitHub strategy.

  3. Article
    System Weakness · 3y

    Deep dive into JWT attacks

    There are a total of 8 PortSwigger JWT Labs, which are an excellent resource for deep diving into JWT attacks. The aim of these labs is to delete the user Carlos through the Admin panel by forging the JWTs. We’ll discover different ways of forging these tokens through these labs.