February 26-28, 2025
Montreal, Canada
Are you sure your access tokens are really secure?
Do you use JWT access tokens to secure your web API? If you are, are you absolutely certain that your API only accepts access tokens issued by your service?
In this session, I’ll expose some shocking tricks that can bypass improperly configured token validation. You’ll see how easy it can be to fool your API. But don’t worry, I’ll also walk you through how to write tests that ensure your application is protected against these exploits.
In this session, I’ll expose some shocking tricks that can bypass improperly configured token validation. You’ll see how easy it can be to fool your API. But don’t worry, I’ll also walk you through how to write tests that ensure your application is protected against these exploits.
Wesley Cabus
Duende Software
Wesley is a Customer Success Engineer at Duende Software, helping Duende's customers to be successful by assisting developers with issues, documenting common problems and teaching about security / identity.
He's also a Microsoft MVP, board member of the VISUG meetup in Belgium and speaker at meetups and conferences, such as NDC London and Sydney, Copenhagen Developer Festival, WeAreDevelopers Berlin, Update Conference, TechDays, DevConf, DeveloperDays and Techorama.
Sponsored by
