Exploitation: Preparing to Hack

JSON Web Tokens are used to securely transfer data between two parties. Pedro Silva will discuss how to exploit their vulnerabilities.

In previous videos, we saw that OWASP Juice Shop uses JSON Web Tokens to store several claims. JSON Web Tokens are used to securely transfer data between two parties. These tokens are stored on the client side, both as cookies and in the browser’s local storage.

There is a well-known vulnerability in some JSON Web Token libraries that allows attackers to bypass the system’s verification step. We are going to check whether Juice Shop is vulnerable.

Over to you: Log in to OWASP Juice Shop, then follow the video demonstration in the next step.
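
For reference, this is what a strict server-side verification step for a JSON Web Token looks like, and why an edited token should be rejected. It is an added example, not code from the course or from Juice Shop; it assumes HS256-signed tokens, and the secret, claims and function names are constructed for illustration.

```javascript
// Added example: strict HS256 JWT verification with Node's built-in crypto.
const crypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Helper for the sample only: build a token signed with HMAC-SHA256.
function signHS256(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// The verification step. Returns the claims, or null if the token is rejected.
function verifyHS256(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3 || parts.some((p) => p.length === 0)) return null;
  const [head, body, sig] = parts;
  let header;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
  } catch { return null; }
  // The header is client-supplied: pin the algorithm, never let header.alg choose it.
  if (!header || header.alg !== 'HS256') return null;
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; lengths must match before timingSafeEqual is called.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch { return null; }
}

// Constructed sample data (not from Juice Shop).
const SECRET = 'constructed-demo-secret';
const token = signHS256({ sub: 'user@example.test', role: 'customer' }, SECRET);

// Anyone holding the token can read the claims; only the signature protects them.
function readClaimsUnverified(t) {
  return JSON.parse(Buffer.from(t.split('.')[1], 'base64url').toString('utf8'));
}

// Same header and signature with an edited payload: verification must reject it.
function withEditedPayload(t, claims) {
  const [head, , sig] = t.split('.');
  return `${head}.${b64url(JSON.stringify(claims))}.${sig}`;
}
```

The claims are only base64url-encoded, so the client can always read them; the server must treat them as untrusted until `verifyHS256` returns a non-null result.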

This article is from the free online course Advanced Cyber Security Training: OWASP Top 10 and Web Application Fundamentals, created by FutureLearn.