JWT Puzzles - A Unique Large-Scale Application Attack for Red Teams Engagements
Ekoparty Security Conference via YouTube
Overview
This 42-minute conference talk presents 'JWT Puzzles', a novel application attack methodology in which common organizational misconfigurations around JWT (JSON Web Token) handling combine into a critical attack surface for large-scale enterprise compromise. The talk explains this systemic technique, which enables significant lateral movement and privilege escalation within enterprise environments, and shows how red teams can use these often-overlooked security gaps to demonstrate widespread access across organizational systems. The speaker, Principal Security Architect Alon Friedman, draws on experience at Microsoft 365 Defender, Salesforce, and PayPal, and on recognized research contributions including CVE-2014-4246 and the SCIP OWASP ZAP extension. The talk covers the technical foundations of JWT-based attacks, how they play out in real-world scenarios, the specific misconfigurations that leave organizations exposed to this attack vector, and the penetration testing techniques that red team engagements can apply to demonstrate the severity of JWT-related security weaknesses in enterprise applications.
Syllabus
JWT Puzzles – A Unique Large-Scale Application Attack for Red Teams engagements - Alon Friedman
Taught by
Ekoparty Security Conference