On the Insecurity of JavaScript Object Signing and Encryption - AppSec EU 2017

OWASP Foundation via YouTube

Overview

Explore the critical security vulnerabilities in JavaScript Object Signing and Encryption (JOSE) in this 45-minute conference talk from AppSec EU 2017. Delve into the first comprehensive study on JSON security, adapting and extending known attack techniques. Discover the evaluation of four different libraries, revealing critical cryptographic attacks such as Signature Exclusion, Key Confusion, and Timing Attack on HMAC for JSON Signature, as well as the Bleichenbacher Million Message Attack for JSON Encryption. Learn about JOSEPH, the first open-source automated tool for evaluating JSON security, and its extensible design for implementing further cryptographic attacks. Gain valuable insights into the security implications of JOSE's integration in authentication and authorization protocols like OpenID Connect and OAuth, as well as its adoption in Web services.

Syllabus

AppSec EU 2017 On The (In-)Security Of JavaScript Object Signing And Encryption by Dennis Detering

Taught by

OWASP Foundation
