AISA Melbourne Branch Webinar - April 22

Cloud Branch Meeting
Join us at the AISA Melbourne Branch for an online webinar on JWT Parkour with guest speaker Louis Nyffenegger - Founder, PentesterLab




Topic: JWT Parkour
Nowadays, JSON Web Tokens are everywhere. They are used as session tokens or just to pass data between applications or µservices. By design, JWT contains a high number of security and cryptography pitfalls. 

In this presentation we will learn how to exploit (with demos) some of these issues in using JWT. After covering the basics (None and Algorithm confusion), we will move on to kid injection and embedded JWK (CVE-2018-0114). Finally, we will look at the jku and x5u attributes and how they can be abused by chaining vulnerabilities.

Speaker: Louis Nyffenegger - Founder, PentesterLab
Louis is a security engineer based in Melbourne, Australia, where he performs pentests, architecture and code review. Louis is the founder of PentesterLab, a learning platform for web penetration testing. Recently, Louis talked at OWASP AppsecDay Melbourne, BSides Canberra (one of the biggest BSides) and ran 2 workshops at Defcon 2018.

At the end of the presentation, there will be an opportunity for participants to ask the speaker questions via the Q&A box.


This webinar is free and only available to AISA Members. Please click here to register online
Non AISA Members: If you would like to become an AISA member you can join here

For any queries regarding this event, please contact AISA Event & Sponsorship Manager, Susanna Palermo via email [email protected] or visit our website

 Time Zones:

  • 10:00am - 11:00am AEST (Brisbane, Canberra, Melbourne & Sydney)
  • 9:30am - 10:30am ACST (Adelaide & Darwin)
  • 8:00am - 9:00am AWST (Perth)

Participate in the webinar:

  • Once you have registered, you will receive a confirmation email with the webinar registration link. Use this link and ensure you log on to the webinar at least 10 minutes prior to the start time
  • You will require a strong and stable internet connection
  • It is recommended you use a headset or headphones so you can hear the presentation
  • A recording of the live session will be available for registrants after the event


AISA has evaluated the use of Zoom based on the Traffic Light Protocol which was facilitated for greater information sharing. AISA webinars are considered TLP White as the information contains minimal or no foreseeable risk of misuse. In addition, AISA has evaluated the use of Zoom for this purpose as aligned to ACSC Web Conferencing Security, April 2020, see link at and has implemented controls to minimise risks. You are required to register for the webinar via the Zoom platform. Please refer to the Zoom privacy policy here -

22/04/2020 10:00 AM
AUS Eastern Standard Time
Online webinar