๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is JWT (JSON Web Token)?

A compact, self-contained token format used for securely transmitting information between parties as a JSON object.

A JWT consists of three Base64url-encoded (URL-safe Base64) parts separated by dots: the header (which names the signing algorithm), the payload (the claims, i.e. the data being carried), and the signature (used to verify that the header and payload were issued by the holder of the signing key and have not been altered). JWTs are commonly used for authentication: after login, the server issues a JWT that the client includes in subsequent requests.

JWTs are stateless (no server-side session is needed) and can carry user data. Security considerations include short expiration times, secure storage on the client, HTTPS-only transmission, and proper signature verification on every request, including checking that the algorithm in the header is the one the server expects.

Related Terms

CSRF (Cross-Site Request Forgery)
An attack that tricks authenticated users into submitting unwanted requests to a web application they are logged into.
DAST (Dynamic Application Security Testing)
Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.
Security Headers
HTTP response headers that instruct browsers to enable security features like XSS protection, framing prevention, and content type enforcement.
Man-in-the-Middle Attack
An attack where the attacker secretly intercepts and potentially alters communication between two parties who believe they are communicating directly.
OAuth 2.0
An authorization framework that allows third-party applications to access user resources without sharing passwords.
RBAC (Role-Based Access Control)
An access control model where permissions are assigned to roles, and users are assigned to roles rather than getting permissions directly.