JWT Vulnerabilities and Attacks/API Security Project - Part7

JWT (JSON Web Token) is a compact and secure token format used for authentication and authorization in modern APIs and microservice architectures. A JWT contains a set of claims about a user and is cryptographically signed, allowing its authenticity and integrity to be verified.

For demonstration purposes, we intentionally created a vulnerable API microservice that checks only the presence of a JWT and the values inside it, but does not verify the token’s integrity. This allowed us to demonstrate a JWT attack in practice by modifying the token’s contents and performing an unauthorized operation.

⚠️ Important: this approach is used strictly for educational purposes. Never implement such logic in a production environment, as it exposes your application to serious security risks.

In the next lessons, I will show how to prevent such attacks using FortiWeb WAF, by enforcing JWT signature and integrity validation at the web application protection level.

Download: https://drive.google.com/file/d/1iBfXHXkBARlM25QO05EgLCynpyCB6psX/view?usp=sharing

#cybersecuritytutorial #cybersecurity #api #devops #developer #backend #microservices #jwt #penetration_testing

Видео JWT Vulnerabilities and Attacks/API Security Project - Part7 канала Kamran Shalbuzov

Комментарии отсутствуют

Информация о видео

26 декабря 2025 г. 22:39:22

00:07:01

Kamran Shalbuzov

Правообладателям

Жалоба на материал Недопустимый материал Нарушение авторских прав

Комментарии

Другие видео канала

JWT Vulnerabilities and Attacks/API Security Project - Part7

1. Configuring an SSL AnyConnect Client VPN on ASA + Attacking

FortiWeb-Man in The Browser Protection (Encrypt Custom Fields) Configuration (WAF) Part 3

FortiWeb-URL Encryption (Unauthorized Access Control) Configuration (WAF) Part 4

Redistributing Routing Protocols: RIP, EIGRP, OSPF

FortiDDoS-Ping (ICMP) Flood DDoS attack & Mitigation Part 4

Configuring Static NAT

FortiWeb-URL Access Configuration (WAF) Part 5

Preparation of network infrastructure for implementation Fortinet ZTNA (FortiClient EMS) Part 4

Configuring Dynamic NAT and PAT Cisco

Deploying WordPress Across Multiple Data Centers with SD-WAN/Building Dual Active DC - Part9

FortiWeb-API Protection/JSON Protection/Validation Part20

4.Basic IPphone Configuration on Cisco Packet Tracer

Configuration Network Application Control On FortiClient EMS (Fortinet ZTNA) Part 3

SOAR-Installation Wazuh - Open Source XDR & SIEM Part3

Installing Active Directory Domain Services on Windows Server 2008 R2 Enterprise 64-bit

High Availability MinIO Setup: Distributed Object Storage & CDN with Cloudflare/API Security Project

Конфигурация OSPF на оборудовании Cisco Systems

OpenRSSO Open Source Client Single Sign-On (SSO) For FortiGate - Part2

FortiWeb-Input Parameter Validation Configuration (WAF) Part 6

Install ASDM on Cisco ASA

FortiWeb-Tracking Users/Credential Stuffing Defense/Limit Concurrent Users Per Account (WAF) Part9