Hacking and Securing JSON Web Tokens (JWT)
4.6 (47 ratings)
308 students enrolled

Learn how to exploit insecure JWT implementations using practical exercises
Last updated 6/2020
English
English [Auto]
This course includes
  • 1.5 hours on-demand video
  • 3 articles
  • 1 downloadable resource
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What you'll learn
  • Students will get in-depth knowledge of JSON Web Tokens (JWT)
  • Students will learn JWT implementation weaknesses
  • Students will learn various practical JWT attacks
  • Students will learn how to secure JWT implementations
  • Students will learn how to do JWT-based REST API security testing
  • Students will learn how the HS256 and RS256 algorithms work
  • Students will learn how Hash-Based Message Authentication Code (HMAC) works
  • Students will learn how RSA digital signatures work
  • Students will learn how to use the openssl command-line client to practice cryptographic algorithms
Requirements
  • The course covers all the required basics
  • REST API/Web Application penetration testing knowledge is good to have
Description

This course teaches various insecure implementations of JSON Web Token (JWT) based REST APIs. It begins by introducing students to the fundamental JSON Web Token concepts. Even though this is an entry-level to intermediate-level course, we encourage you to take it if you already have basic web security knowledge, as the course is designed to provide knowledge specific to JSON Web Tokens and does not cover the fundamentals of web security testing and REST API security testing. Note that the course covers a lot of fundamental JWT concepts, and only the last module covers the practical attacks against JWT, so please set your expectations accordingly before starting the course. Rest assured, you will feel confident about JSON Web Tokens and JWT security testing after completing this course.


As a bonus, a virtual machine is provided with all the source code used in the labs, so you can change the code to create a few more vulnerable implementations of JWT.

Who this course is for:
  • Penetration Testers
  • Web or API Developers
  • Mobile Application Developers
  • Security professionals who are interested in REST API Security
  • Security professionals who are interested in JWT Security
  • Anyone who is interested in ethical hacking and penetration testing
  • Anyone who is interested in information security concepts
Course content
31 lectures 01:44:42

Introduction to JWT (10 lectures, 23:40)
  • Lab setup (03:53)
  • Custom Vulnerable APIs - Download (00:08)
  • What is JWT? (01:36)
  • JWT Structure (01:49)
  • Base64 vs Base64url encoding (01:54)
  • A word about JWT Signature (01:06)
  • How JWT works? (04:31)
  • API Documentation - Download (00:02)
  • JWT Demo (07:57)
  • Summary (00:44)

JWT indepth (8 lectures, 33:03)
  • JWT Headers (01:14)
  • JWT Payload (01:55)
  • JWT Signature (01:27)
  • Understanding HS256 (05:57)
  • HS256 Demo (07:15)
  • Understanding RS256 (06:26)
  • RS256 Demo (06:05)
  • None Algorithm Demo (02:44)

JWT - Command line Kung-Fu (3 lectures, 16:33)
  • Generating RSA Keys using Openssl (02:49)
  • Manually creating RS256 Signature (06:36)

JWT Attacks and Defenses (7 lectures, 28:21)
  • Introduction (02:01)
  • Abusing None Algorithm using Burpsuite - Demo (04:26)
  • Signature Stripping Attack - Demo (06:13)
  • Bruteforcing HS256 Secret Key - Demo (02:45)
  • Substitution Attack - Demo (06:05)
  • Defenses (02:10)