February 26-28, 2025
Montreal, Canada

Are you sure your access tokens are really secure?

Do you use JWT access tokens to secure your web API? If you are, are you absolutely certain that your API only accepts access tokens issued by your service?

In this session, I’ll expose some shocking tricks that can bypass improperly configured token validation. You’ll see how easy it can be to fool your API. But don’t worry, I’ll also walk you through how to write tests that ensure your application is protected against these exploits.

View all 190 sessions

Wesley Cabus

Xebia

Wesley is a Coding Architect at Xebia in Belgium, where he helps organizations to build better applications, helps teams to improve their skills and organizes workshops to share his knowledge.

He's also a Microsoft MVP, board member of the VISUG meetup in Belgium and speaker at conferences and meetups.

Read More

Montreal 2025 sponsored by

Become a sponsor