Learn about the Salt + CrowdStrike Falcon integration

Learn more

What Are JWTs And Are They Vulnerable To Attacks?

Chris WestphalChris Westphal
Aug 28, 2020

It’s time for episode number 5 of API Security With A Pinch Of Salt and in this episode Chris, Adam, and Ran talk about JSON Web Tokens (JWTs), an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.

Learn what it takes to secure APIs, how to evaluate API security offerings, and the capabilities needed to protect your business.

JWTs are commonly used for authorization in API applications because they’re lightweight, can be encrypted and can be digitally signed. As a simple example, a banking app might use JWTs to keep you from having to log in as you move between services like checking your balance, updating your investments and applying for a loan. Each of those services are likely different apps on the backend and being able to log in once, have the application issue a JWT for the session and use that JWT to authenticate you to each service will keep you from having to enter your user name and password again and again. JWTs are also commonly used with Single Sign On services for the very same reason.

We dig deeper into more of the details around JWTs, how they’re used for security in API applications, and if they’re vulnerable to attacks. Check out the video to see more.

Go back to blog

Download this guide for advice on evaluating key capabilities in API Security

Learn everything you need to know to keep your APIs secure

Get the guide