The parts of JWT security nobody talks about

Are you going?

41 people going



17:00-17:30 - Reception, Networking, Coffee&Cake.

17:30-18:30 - The parts of JWT security nobody talks about by Philippe De Ryck, Founder of Pragmatic Web Security, Google Developer Expert.

JSON Web Tokens (JWT) have become the de facto standard to transfer application claims between the client and the server. By design, they incorporate the use of signatures to ensure the integrity of the data. However, merely signing the data alone is not enough to guarantee security.

In this talk, we zoom into the security properties of JWTs. After introducing the different signature schemes, we dive into the hard parts nobody talks about. How do you manage and identify the keys used for the signature? How do you handle key rotation? And what about encrypting JWTs? This talk answers all these questions. You will walk away with a set of best practices for adequately securing JWTs.

Philippe De Ryck is the founder of Pragmatic Web Security, where he travels the world to train developers on web security and security engineering. He holds a Ph.D. in web security from KU Leuven. Google recognizes Philippe as a Google Developer Expert for his knowledge of web security and security in Angular applications.

** To ensure your participation, please fill out this form:

18:30-18:45 - Break : Coffee&cakes with Networking.

18:45-19:45 - Infrastructure fuzzing by Salo Shp, SRE Expert from Tikal.
In this session We will cover the reason and methods hackers use to DDOS our production, and learn how to mitigate that threat by doing it ourselves as part of an overall Chaos Engineering methodology.

Hope to see you all,
Tikal Team