Glossary

JSON Web Token / JWT, defined.

A compact, URL-safe token format used for stateless authentication and authorization, typically signed with HMAC or RSA/ECDSA.


What is JSON Web Token (JWT)?

JWTs encode claims (subject, expiry, audience) in a Base64URL-encoded payload and carry a signature so that tampering can be detected. Common security failures: accepting alg=none (signature bypass), weak HMAC secrets that can be recovered offline with tools such as jwt_tool, algorithm confusion (a server expecting RS256 that also accepts HS256), and unrestricted kid headers that reach a database query or the filesystem, leading to SQL injection or file disclosure.
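As an added example (not code from the original page), a minimal HS256 verifier in Python that pins the accepted algorithm server-side (which closes both alg=none and RS256-to-HS256 confusion), compares the signature in constant time, and enforces exp and aud. The secret and claims are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret (assumption: a real service loads it from a secret store).
SECRET = b"demo-secret-do-not-use"
ALLOWED_ALGS = {"HS256"}  # explicit allowlist chosen by the server; "none" is never in it


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Issue a token: base64url(header).base64url(payload).base64url(HMAC-SHA256)."""
    header = json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode()
    payload = json.dumps(claims, separators=(",", ":")).encode()
    signing_input = _b64url_encode(header) + "." + _b64url_encode(payload)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify(token: str, secret: bytes, audience: str, now=None) -> dict:
    """Return the claims if the token is valid, otherwise raise ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, p64, s64 = parts
    header = json.loads(_b64url_decode(h64))
    # 1. The server decides the algorithm; the header is only checked against the allowlist.
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("algorithm not allowed: %r" % header.get("alg"))
    # 2. Recompute the MAC with the server's own key and compare in constant time.
    expected = hmac.new(secret, (h64 + "." + p64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p64))
    # 3. A correctly signed token is still rejected if it is stale or meant for another audience.
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("token expired or missing exp")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    return claims


def validation_error(token: str, secret: bytes, audience: str, now=None):
    """Convenience wrapper: None when the token verifies, else the rejection reason."""
    try:
        verify(token, secret, audience, now)
        return None
    except ValueError as exc:
        return str(exc)
```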

Where this shows up.

See our web application penetration testing, API security testing, network penetration testing, and cloud security audit services for how we test for and defend against this class of issue.

Test for this in your stack

Book a free scoping call.

30-minute call with an OSCP-certified engineer. Tailored proposal in 24 hours.