jwt
Safeguard articles tagged "jwt" — guides, analysis, and best practices for software supply chain and application security.
8 articles
JWT security vulnerabilities and best practices
The jsonwebtoken library shipped three separate signature-bypass CVEs between 2015 and 2022 — algorithm confusion is still the most common way JWTs fail.
API Authentication Best Practices (2026)
How you authenticate API clients decides how bad a leaked credential gets. Here is how to choose and harden API keys, bearer tokens, JWTs, and mTLS in 2026.
Secure JWT handling: algorithm confusion, expiry, and storage done right
A single unchecked `alg` header turned jsonwebtoken into a forgeable token in CVE-2015-9235 — here's how to close every hole RFC 8725 warns about.
JWT Security Vulnerabilities and How to Avoid Them
JSON Web Tokens are only as safe as how you verify them. The alg:none trick, RS256-to-HS256 confusion, and weak secrets have all led to full auth bypass.
JWT (JSON Web Token)
A JWT (JSON Web Token) is a compact, signed token used to prove identity and claims between systems. Here's how they work, and where they break.
PASETO tokens
PASETO tokens explained: what is PASETO, how PASETO vs JWT differs, and why platform-agnostic security tokens with versioned crypto are safer by design.
CVE-2025-20188 in Cisco IOS XE WLC: Hardcoded JWT to Root RCE
A hardcoded JSON Web Token in Cisco's Wireless LAN Controller gives unauthenticated attackers a path to root via arbitrary file upload.
What Is a JWT (JSON Web Token)
A JWT is a compact, signed token that carries claims like who a user is between parties. Learn its three parts, how signing works, and the common security pitfalls.