Safeguard
Tag

jwt

Safeguard articles tagged "jwt" — guides, analysis, and best practices for software supply chain and application security.

8 articles

Application Security

JWT security vulnerabilities and best practices

The jsonwebtoken library shipped three separate signature-bypass CVEs between 2015 and 2022 — algorithm confusion is still the most common way JWTs fail.

Jul 10, 20266 min read
Security Guides

API Authentication Best Practices (2026)

How you authenticate API clients decides how bad a leaked credential gets. Here is how to choose and harden API keys, bearer tokens, JWTs, and mTLS in 2026.

Jul 8, 20266 min read
Application Security

Secure JWT handling: algorithm confusion, expiry, and storage done right

A single unchecked `alg` header turned jsonwebtoken into a forgeable token in CVE-2015-9235 — here's how to close every hole RFC 8725 warns about.

Jul 8, 20266 min read
Vulnerability Guides

JWT Security Vulnerabilities and How to Avoid Them

JSON Web Tokens are only as safe as how you verify them. The alg:none trick, RS256-to-HS256 confusion, and weak secrets have all led to full auth bypass.

Jul 3, 20265 min read
Identity Security

JWT (JSON Web Token)

A JWT (JSON Web Token) is a compact, signed token used to prove identity and claims between systems. Here's how they work, and where they break.

Mar 1, 20268 min read
Identity Security

PASETO tokens

PASETO tokens explained: what is PASETO, how PASETO vs JWT differs, and why platform-agnostic security tokens with versioned crypto are safer by design.

Mar 1, 20267 min read
Vulnerability Analysis

CVE-2025-20188 in Cisco IOS XE WLC: Hardcoded JWT to Root RCE

A hardcoded JSON Web Token in Cisco's Wireless LAN Controller gives unauthenticated attackers a path to root via arbitrary file upload.

May 12, 20256 min read
Concepts

What Is a JWT (JSON Web Token)

A JWT is a compact, signed token that carries claims like who a user is between parties. Learn its three parts, how signing works, and the common security pitfalls.

Oct 15, 20246 min read
jwt — Safeguard Blog