Skip main navigation

Hurry, only 2 days left to get one year of Unlimited learning for £249.99 £174.99. New subscribers only. T&Cs apply

Find out more

Exploitation: Preparing to Hack

JSON Web Tokens are used to securely transfer data between two parties. Pedro Silva will discuss how to exploit its vulnerabilities.
Woman with glasses sitting at a workstation with three computer screens

In previous videos, we saw that OWASP Juice Shop used JSON Web Tokens to store several claims. JSON Web Tokens are used to securely transfer data between two parties. These tokens are stored on the client side as cookies and are also stored in the browser’s local storage.

There is a well-known vulnerability in some JSON Web Token libraries, allowing attackers to bypass the system’s verification step. We are going to check whether Juice Shop is vulnerable.

Over to you: Log in to OWASP Juice Shop, then follow the video demonstration in the next step.

This article is from the free online

Advanced Cyber Security Training: OWASP Top 10 and Web Application Fundamentals

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now