
Security Intermediate

What is JWT (JSON Web Token)?

A compact, self-contained token format used for securely transmitting information between parties as a JSON object.

JWTs consist of three Base64url-encoded parts separated by dots: header (algorithm), payload (claims/data), and signature (verification). They are commonly used for authentication: after login, the server issues a JWT that the client includes in subsequent requests.

JWTs are stateless (no server-side session needed) and can carry user data. In a signed JWT the payload is only encoded, not encrypted, so anyone holding the token can read it. Security considerations include short expiration times, secure storage, HTTPS-only transmission, and proper signature verification.

Related Terms

API Security
Practices and mechanisms for protecting APIs from unauthorized access, data breaches, and abuse.
Input Validation
The process of verifying that user-supplied data meets expected formats, types, and ranges before processing it.
Two-Factor Authentication (2FA)
A security method requiring two different forms of identification before granting access to an account.
Encryption
The process of converting readable data into an unreadable format using algorithms, reversible only with the correct key.
Secret Management
The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.
Brute Force Attack
An attack method that systematically tries all possible combinations of passwords or keys until the correct one is found.