Security Roundup: JWT This Down


While JWTs are not always perfect, they definitely have their uses. In this month's roundup, we explore what the DZone community is using them for.


Welcome to this month's edition of the Security Roundup! Last time I made some terrible Jacques Cousteau puns and talked about Docker Security. In today's post, we'll take a look at JSON Web Tokens (JWTs), how they can be implemented for web application security purposes, and what the DZone community is using JWTs for in their own projects. 

And, as a quick side note, if you're interested in writing for DZone but don't have a topic in mind, come check out our Bounty Board, where you can win prizes for providing great content, and our Writer's Zone, which has plenty of prompts, tips, and tricks!

DZone Articles on JWT

  1. Secret Rotation for JWT Tokens by Alex Soto. Using some form of secret rotation when using web tokens to encrypt payloads is important to any security strategy. Read on for an example of how to implement this in your own code.

  2. JSON Web Token (JWT) Signing Algorithms Overview by Sebastián Peyrott. Several algorithms take part in the JWT signing process. We will explore some of the most common ones in this post.

  3. Authenticating SPAs Using JWT by Vaishali Jain. If you are looking to secure your single page application through a token-based authentication system, then this post is definitely for you. And, if not, well, you're already here, so you should probably follow the link and read it anyway. 

  4. Using JWT for Sessions by Bozhidar Bozhanov. A developer explains his objection to how the phrase "Don't use JWT" is widely understood to mean "Don't use tokens," when that is not the case.

  5. JWT Authentication With Play Framework by Teena Vashist. In this post, we'll go over using JWT Authentication with the Play Framework for front-end web development to help make your site more secure. 

DZone Publications

  1. DZone's Guide to Proactive Security: Apps, Environments, and Messaging featuring articles by Boaz Shunami, Jeff Williams, Kaie Strzempka, Chris Lamb, James Wickett, Ivan Dwyer, and Tom Smith. With the rise of high-profile ransomware and DDoS attacks comes a greater need than ever for powerful application security. The 2017 Guide to Proactive Security discusses the actions that experts are taking to combat the growing list of threats, and what developers can do to be proactive in securing their apps and processes.

  2. Refcard #260, REST API Security by Guy Levin. API security is the single biggest challenge organizations want to see solved in the years ahead. Download this Refcard to gain a better understanding of REST APIs, authentication types, and other aspects of security (JSON Web Tokens are covered in Sections 8-11).
