F5 Labs Research: JWT - A How NOT To Guide

In their current incarnation, applications are agile and experience-centric. Application programming interfaces (APIs) power modern applications and with such prevalent use, cybercriminals’ enthusiasm for cracking APIs is growing. In F5 Labs’ 2020 Application Protection Report, we see how this architectural change is driving actualized risk.

Since 50% of the cases studied for API breaches and disclosures are authentication and authorization related, it is of utmost importance to analyze authentication as an attack vector.

That is where the JSON Web Token (JWT), a mechanism for authentication, comes in.

Read Shahnawaz Backer's article on F5 Labs - JWT: A How Not to Guide