Security Intermediate

What is JWT (JSON Web Token)?

A compact, self-contained token format used for securely transmitting information between parties as a JSON object.

JWTs consist of three Base64-encoded parts: header (algorithm), payload (claims/data), and signature (verification). They are commonly used for authentication — after login, the server issues a JWT that the client includes in subsequent requests.

JWTs are stateless (no server-side session needed) and can carry user data. Security considerations include short expiration times, secure storage, HTTPS-only transmission, and proper signature verification.

Related Terms

Principle of Least Privilege

A security principle where users and programs receive only the minimum access rights needed to perform their specific tasks.

Cryptographic Key Management

The practices and procedures for generating, storing, distributing, rotating, and revoking encryption keys securely.

Configuration entries that define which network traffic is allowed or blocked based on source, destination, port, and protocol.

Brute Force Attack

An attack method that systematically tries all possible combinations of passwords or keys until the correct one is found.

RBAC (Role-Based Access Control)

An access control model where permissions are assigned to roles, and users are assigned to roles rather than getting permissions directly.

An authorization framework that allows third-party applications to access user resources without sharing passwords.

View All Security Terms →