Please Make an hour long video if need be. I'll watch it.
Idc if a JWT video turned into an entire course, I'd buy it....and watch it. More JWT content!
+1 for more JWT content
+10 for more JWT content
This is some of the best demo code I have seen, with the video explaining it clearly. Keep doing more of these. ❤
Very clear explanation. I'm all for deep dive too. Make it a series if needed.
Yes, I am excited to see more content on this... Like you said, header injection and all. I'll be waiting for the next video.
Yes please make a deep dive of JWT attacks!
You're a great instructor. Keep it up
JWT Deep dive please!! Thank you!
Please make a full deep dive on JWT
Would absolutely freaking love a JWT deep dive 🤩
Would love to see JWT Deep Dive
I would definitely watch a jwt deep dive, looking forward to it!!
Yes would love more content on JWT
You are awesome!! Very clear and informative. Deep dive into JWTs!! Keep it up!!
That was great and simple, thank you
@darkside_hackers.... you guys still exist?
This is an important topic to me. Would love another video that goes deeper.
It's a great demonstration. We will be happy if you go deep into it. We have to know how to protect our work.
I just wanna point out that at 3:48, you should have read the secret from an environment variable. I know it's security 101 and this is just for demo purposes, but some beginners might use this as their starter code to make their projects and they could end up hard coding the secret that way
Yes, we love watching more videos
yes please!
Btw, very comprehensive way of explaining things! 👍
Yes sir, make a JWT deep dive, I'd love to watch it, it's very useful to me
Super insightful! We need a deep dive!
Well explained. Please make more videos. I won't miss them.
Yes we would like to, thank you for the effort!
Willing to watch a JWT deep dive
Great video, excellent explanation, I would definitely watch however long the video might be.
Awesome Video ♥️♥️, please deep dive video
Wow, idk if it was the fact you were using JS or I'm already familiar with this kind of stuff, all I know is I really enjoyed watching.
JWT deep dive FTW!
We are willing to watch it and have the patience, so please make it lol
Always using jwts but never taken the time to learn more about them. I'm all in for a deep dive!
I am absolutely for a JWT deep dive 👍
Nicely put together
Yes please, those videos are very useful.
3 hour video about JWTs sounds great. Also, what application were you using to test?
Fantastic video, can you share the GitHub repo so we can tinker around with the code?
Great video!
Make a video on how best to secure jwt from these attacks.
Amazing content! 🤟
This is a great video! Do you have any experience using JWTs in place of cookies?
Please make a video on algorithm confusion and header injection
Please do!!!! So cool. I promise to watch ;-)
Please make the complete video.
We would love to watch jwt deep dive
Please make deep video on JWT security testing.
Great content, thank you
go on. It's very useful
Deep dive, deep dive, deep dive!
Plz 🤪
Yes, I want to watch it
Nice Video
I'd watch it
Bro, pls tell what we can do to secure a JWT token?
Thank you!
More JWT please
Thanks dude, but as a developer, we create the secret key from a 32 byte hash, so I think it is too hard to crack the JWT
More JWT content!
What is the solution to prevent brute force?
great tutorial
Please Deep Dive JWT
JWT deep dive please
Can you make a video on Linux server administrator
In depth
In the algorithm part, we can exploit it by specifying "no algorithm"
The widely used jwt libraries force you to specify an algorithm for verification.
JWT DEEP DIVE PLEASE❤
more jwt. please
Awesome
jwt tool link?
I feel better now that my application uses a 64-character alphanumeric string
5:02 *request :)
More JWT
How about I use JWT in an HTTPS connection?
HTTPS protects against random computers intercepting the traffic, but does nothing to protect your cookies/jwt/whatever else from user manipulation
How to prevent JWT from decoding?
JWTs are meant to be decoded.
You CAN encrypt an entire JWT, but this isn't super common.
@st8113 thanks.
Vocal fry is a thing.
♥️
JWT deep dive
Make a long JWT video
Use me as a "deep dive, deep dive!" button
what if we encrypt the jwt token with crypto
ex: const token = crypto.AES.encrypt(jwt.sign({...payload},'secret'),'enc-secret')
const decode = crypto.AES.decrypt(token,'enc-secret')
just an idea
or we can encrypt the payload and put it inside the token
@gihanrangana6248 well, you get an encrypted and signed thing. What for? The issue is not "not enough encryption", the issue is weak secrets. And generally bad design of JWT and JWT libraries, but that's regarding other attacks.
I really dislike JWTs, way too large of an attack surface, and a huge issue with revoking access once a token is granted, but too much hype.
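Added example, not part of any comment above and not the video's code: a minimal HS256 sign/verify in Node.js that follows the points raised in the comments, reading the secret from an environment variable, refusing short secrets, and fixing the algorithm on the server so a token declaring "none" is rejected. The variable name JWT_SECRET, the 32-byte minimum and the function names are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// JWT_SECRET is a hypothetical variable name; the key comes from the
// environment, never from source code, and short keys are refused.
function loadSecret(env = process.env) {
  const secret = env.JWT_SECRET;
  if (!secret || Buffer.byteLength(secret) < 32) {
    throw new Error('JWT_SECRET must be set and at least 32 bytes long');
  }
  return secret;
}

const b64url = (data) => Buffer.from(data).toString('base64url');

function sign(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const mac = nodeCrypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(mac)}`;
}

// Returns the payload or throws. The accepted algorithm is fixed here,
// not taken from the token header, so "alg":"none" never reaches the MAC check.
function verify(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = nodeCrypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; lengths are checked first because
  // timingSafeEqual throws on buffers of different size.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  // A required, short expiry limits how long a granted token stays usable.
  if (typeof payload.exp !== 'number' || payload.exp <= nowSec) throw new Error('expired');
  return payload;
}
```
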
Great Video!
JWT deep dive please