Authentication & Identity
JWT
JSON Web Token (JWT) is a compact, URL-safe token format for representing claims between two parties, commonly used for authentication and authorization. A JWT consists of three Base64URL-encoded parts separated by dots: a header, a payload, and a signature. The signature lets the recipient verify that the token was issued by a trusted party and has not been tampered with. Common JWT vulnerabilities include weak signing secrets, the "none" algorithm attack (a token whose header claims no signature is required), and missing expiration validation.
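The following verifier is an added example, not code from the original page or from any JWT library; it uses only the Python standard library and a constructed demo secret. It shows the three checks that address the weaknesses named above: the verifier pins the algorithm to HS256 (so a "none" header is rejected), compares the signature in constant time, and treats a missing or past `exp` claim as a hard failure.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret for the example only; real secrets come from a secret store.
DEMO_SECRET = b"example-hs256-secret-for-demo-only"


def b64url_encode(data: bytes) -> str:
    """Base64URL without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    """Restore padding before decoding; tokens strip the '=' characters."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_segment(obj: dict) -> str:
    """JSON-serialize a header or payload object and Base64URL-encode it."""
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def make_hs256(claims: dict, secret: bytes) -> str:
    """Issue a signed HS256 token: header.payload.signature."""
    signing_input = f"{encode_segment({'alg': 'HS256', 'typ': 'JWT'})}.{encode_segment(claims)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def verify_hs256(token: str, secret: bytes, now=None) -> dict:
    """Return the claims if the token is valid for 'now', otherwise raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected header.payload.signature")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # 1. Algorithm pinning: the verifier, not the token, decides which algorithm is acceptable.
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    # 2. Recompute the MAC and compare in constant time to avoid timing leaks.
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    claims = json.loads(b64url_decode(payload_b64))
    # 3. Expiration is mandatory: no exp, or exp in the past, fails verification.
    now = int(time.time()) if now is None else now
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("missing or expired exp claim")
    return claims
```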
Why it matters for your website
1. Directly impacts resistance to account takeover and credential theft
2. Required for SOC 2, HIPAA, and PCI-DSS compliance
3. Misconfiguration can expose all user accounts to attack