什么是JSON Web Tokens | 如何针对JWT进行渗透测试
作者:FancyPig | 发布时间: | 更新时间:
相关阅读
data-postsbox="{"id":25119,"title":"【漏洞赏金渗透课程】Api接口渗透测试、Fuzz技巧分享","author":"FancyPig","author_id":1,"cover_image":"https://static.pigsec.cn/wp-content/uploads/2022/10/20221022045345855.png","cover_video":"","views":4194,"comment_count":6,"category":"knowledge","is_forum_post":false}">{"id":25119,"title":"【漏洞赏金渗透课程】Api接口渗透测试、Fuzz技巧分享","author":"FancyPig","author_id":1,"cover_image":"https://static.pigsec.cn/wp-content/uploads/2022/10/20221022045345855.png","cover_video":"","views":4194,"comment_count":6,"category":"knowledge","is_forum_post":false}
data-postsbox="{"id":25362,"title":"黑客如何渗透JSON Web Token?通过劫持Token修改密码?","author":"FancyPig","author_id":1,"cover_image":"https://static.pigsec.cn/wp-content/uploads/2022/10/20221024113845606.png","cover_video":"","views":2135,"comment_count":12,"category":"knowledge","is_forum_post":false}">{"id":25362,"title":"黑客如何渗透JSON Web Token?通过劫持Token修改密码?","author":"FancyPig","author_id":1,"cover_image":"https://static.pigsec.cn/wp-content/uploads/2022/10/20221024113845606.png","cover_video":"","views":2135,"comment_count":12,"category":"knowledge","is_forum_post":false}
视频讲解
本期视频将介绍常见的身份验证方法:JSON Web Tokens,简称JWT。视频将从什么是JWT以及它们的工作方式开始,然后深入探讨如何攻击和利用它们。就像其他的一些安全验证一样,JWT并不是本质上不安全,而是应用程序的设计、配置或处理可能会让应用程序面临攻击。JWT的结构包括头部、负载和签名三个部分,它们之间用句号分隔。头部包含有关令牌的元数据,如签名所使用的加密算法。负载包含称为声明的内容。声明可以很容易地被篡改,但应该受到签名的保护,以便检测到任何篡改。在视频中,我们还会分析JWT与Session有何不同,我们将通过典型的工作流程进行演示和讲解。