00 — Overview
JWT Attacks
JSON Web Tokens are everywhere — and frequently misconfigured. Learn the full attack surface: weak secrets, the none algorithm, algorithm confusion, and key injection.
Intermediate · 40 min · 7 tasks
// By the end of this module
→ Decode and understand the structure of a JSON Web Token
→ Exploit the "none" algorithm bypass to forge unsigned tokens
→ Perform algorithm confusion attacks (RS256 → HS256)
→ Recover weak HS256 signing secrets with offline cracking
