JSON Web Tokens are everywhere - you are using a bunch of them right now. It's such a common technology, yet it's very easy to get them wrong. In this session, we get to the nitty-gritty of JWTs: what they are, how they work, and how to make sure we haven't built an app that is just waiting to be hacked.
The session's goal is to make developers aware of the pitfalls accompanying JWTs by telling some personal stories of cases where JWTs were used improperly. In my experience, such improper usage is extremely commonplace, and JWTs are associated with magical thinking, i.e. "I'm using JWTs, so I'm secure." The key take-away of the talk should be that JWTs are a great tool that should be used carefully, with full understanding of what they can and cannot do.
Wekoslav Stefanovski has more than two decades of professional developer experience using a variety of development technologies. He has been using C# since the first public beta and has a long and fruitful love relationship with it. He has been using JavaScript since the previous millennium and has a long and fruitful love/hate relationship with it. He currently works at Sourcico as Head of Development. He is passionate about functional programming, static code analysis, compiler design and code quality metrics.