What is JWT (JSON Web Token)?

A compact, self-contained token format used for securely transmitting information between parties as a JSON object.

JWTs consist of three Base64url-encoded parts separated by dots: a header (algorithm and token type), a payload (claims/data), and a signature (used for verification). They are commonly used for authentication: after login, the server issues a JWT that the client includes in subsequent requests.

JWTs are stateless (no server-side session needed) and can carry user data. Security considerations include short expiration times, secure storage, HTTPS-only transmission, and proper signature verification.

Related Terms

Secret Management
The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.
Supply Chain Attack
A cyberattack that targets less-secure elements in the software supply chain to compromise downstream users and organizations.
RBAC (Role-Based Access Control)
An access control model where permissions are assigned to roles, and users are assigned to roles rather than getting permissions directly.
Content Security Policy (CSP)
An HTTP security header that controls which resources a browser is allowed to load for a web page, preventing XSS and data injection.
Security Audit
A systematic examination of an information system to assess compliance with security policies, identify vulnerabilities, and verify controls.
Principle of Least Privilege
A security principle where users and programs receive only the minimum access rights needed to perform their specific tasks.