Subscribe to the Salt blog to learn about the latest developments in API Security

Blog Post

What Are JWTs And Are They Vulnerable To Attacks?

Chris WestphalChris Westphal
Aug 28, 2020

It’s time for episode number 5 of API Security With A Pinch Of Salt and in this episode Chris, Adam, and Ran talk about JSON Web Tokens (JWTs), an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.

Learn what it takes to secure APIs, how to evaluate API security offerings, and the capabilities needed to protect your business.

JWTs are commonly used for authorization in API applications because they’re lightweight, can be encrypted and can be digitally signed. As a simple example, a banking app might use JWTs to keep you from having to log in as you move between services like checking your balance, updating your investments and applying for a loan. Each of those services are likely different apps on the backend and being able to log in once, have the application issue a JWT for the session and use that JWT to authenticate you to each service will keep you from having to enter your user name and password again and again. JWTs are also commonly used with Single Sign On services for the very same reason.

We dig deeper into more of the details around JWTs, how they’re used for security in API applications, and if they’re vulnerable to attacks. Check out the video to see more.

If you’re interested in seeing the Salt Security API Protection Platform in action, contact us for a customized demo today!


Salt Security Blog

Sign up for the Salt Newsletter for the latest resources and blog posts.

June 18, 2024

Salt Labs
Research Team

Salt Labs

Increasing API Traffic, Proliferating Attack Activity and Lack of Maturity: Key Findings from Salt Security’s 2024 State of API Security Report

The latest Salt Security State of API Security Report is out now, and we’re thrilled to give a little sneak peek of its contents.

Read more

June 12, 2024

Elad Hoffer
Head of Product R/T Protection


Salt Security Leading the Way in AI-Driven API Security for Next-Generation Threat Protection and Attacker Insights

Learn how the recent introduction of advanced LLM-driven attacker insights further solidifies Salt's position as a leader in API security solutions.

Read more

June 7, 2024

Eric Schwake
Head of Product Marketing

A Salt Security Perspective on the 2024 Gartner® Market Guide for API Protection

Salt Security's API Protection Platform is AI-infused and designed to address the challenges outlined in the Gartner report.

Read more

Download this guide for advice on evaluating key capabilities in API Security

Learn everything you need to know to keep your APIs secure

Get the guide