11/13/2024 - 16:30

Token-based authentication under Attack: Vulnerabilities and Defense Strategies in Web Applications

In this talk, we’ll dive into the security pitfalls of token-based authentication, focusing on JSON Web Tokens (JWTs). From common attack vectors to specific vulnerabilities, such as token theft from insecure storage locations like localStorage, we’ll explore how improper handling can turn tokens into security liabilities. Through live demos, you’ll see real-world examples of attacks like token hijacking, and we’ll discuss practical defense strategies to secure tokens effectively. Gain insights to fortify your applications and ensure that tokens remain safe inside your authentication architecture.

Learning objectives

  • how passkeys work
  • deep dive into the mechanism of passkeys
  • why passkeys are safer than passwords

Level

Basic

Prior knowledge

Having some knowledge of how to implement basic authentication for web applications is beneficial but not mandatory.
Martina Kraus
Martina Kraus has been active in the world of web development from her early years and has over time developed into an expert in the field of web security. As an Application Security Engineer, she focuses on integrating security best practices into all phases of software development. In her role as a Google Developer Expert (GDE), she also loves to spread knowledge about web security at national and international conferences, regularly organizes ngGirls events (free Angular workshops for women), and the German Angular conference NG-DE. You can find Martina on LinkedIn and on X.