json – Page 19 – WindowsTechs.com

Can I prevent a replay attack of my signed JWTs?

Posted on August 2, 2014 by Aditya M P

I have implemented a stateless auth over HTTP in Laravel, using JWTs.

I send my username/password from the frontend.
Server authenticates user, sends back a signed JWT with an expiry time.

I’m using the HS512 algorithm to sign with a pr… Continue reading Can I prevent a replay attack of my signed JWTs?→

Compromised JSON Web Token (JWT) Bearer Token

Posted on July 30, 2014 by BausNauf

We are implementing a REST service that requires authentication and authorization. Because of the stateless nature of REST API’s, we want to use JWT to make authenticated calls to the API through a token, without the need to hit a database… Continue reading Compromised JSON Web Token (JWT) Bearer Token→

Security risks with JSONP?

Posted on October 31, 2012 by D.W.

What are the security risks with JSONP? Is using JSONP in a new web application reasonable, from a security perspective, or is it better to use a different method for cross-origin web mashups?

If using JSONP is reasonable, … Continue reading Security risks with JSONP?→

How should web app developers defend against JSON hijacking?

Posted on September 9, 2011 by D.W.

What is the best defense against JSON hijacking?

Can anyone enumerate the standard defenses, and explain their strengths and weaknesses? Here are some defenses that I’ve seen suggested:

If the JSON response contains any confidential/no… Continue reading How should web app developers defend against JSON hijacking?→