AROUG invites you to take part in the DevConverge LATAM event on Saturday 11 April in Buenos Aires. Limited places. Register now! https://t.co/abFkfKMahe
#oracle @oracleace @oracle
@flybondioficial
Double rescheduling on the same booking (WSZIGX).
Flight FO5163 Salta → Buenos Aires (07/01) cancelled without my consent.
I try to change the date and the website does not let me pick any upcoming one.
I only get automated replies.
I need a solution today.
𝐉𝐖𝐓 (JSON Web Tokens)
◾ JSON Web Token (JWT) => open standard (RFC 7519) for securely transmitting information between parties as a JSON object.
◾ a compact and self-contained way to represent a set of claims securely between two parties.
📌 𝐒𝐭𝐫𝐮𝐜𝐭𝐮𝐫𝐞 𝐨𝐟 𝐚 𝐉𝐖𝐓
A JWT consists of three parts => separated by dots (.)
[1.] 𝐇𝐞𝐚𝐝𝐞𝐫
◾ Specifies the algorithm used to sign the token (alg, e.g. HS256, RS256, ES256), normally the token type (typ, "JWT"), and optionally a key identifier (kid) that tells the verifier which key to use. The header is not signed separately: whatever it says, the verifier must decide for itself which algorithm and key it accepts.
[2.] 𝐏𝐚𝐲𝐥𝐨𝐚𝐝 (Claims)
◾ Contains the claims (statements) about an entity (typically, the user) and additional data.
There are three categories of claim names -
◾ Registered claims (defined by RFC 7519): iss (issuer), sub (subject), aud (audience), exp (expiration time), nbf (not before), iat (issued at), jti (unique token id).
◾ Public claims: names registered in the IANA "JSON Web Token Claims" registry or otherwise collision-resistant (for example namespaced with a URI you control).
◾ Private claims: custom names agreed between the issuer and the consumer; they may collide with other parties' claims, so keep them to your own services.
[3.] 𝐒𝐢𝐠𝐧𝐚𝐭𝐮𝐫𝐞
◾ Created by taking -
a. the base64url-encoded header
b. the base64url-encoded payload
c. joining them with a dot (this is the "signing input")
d. signing that string with the algorithm named in the header, using a shared secret (HMAC, e.g. HS256) or a private key (RSA/ECDSA, e.g. RS256/ES256)
◾ Used to verify the token's authenticity and integrity: a valid signature proves the holder of the key issued the token and that neither part was altered.
◾ Caveat: base64url is an encoding, not encryption. Anyone holding a signed JWT can read its header and payload; the signature only protects against tampering.
📌 𝐁𝐞𝐧𝐞𝐟𝐢𝐭𝐬 𝐨𝐟 𝐔𝐬𝐢𝐧𝐠 𝐉𝐖𝐓𝐬
◾ Authentication and authorization => one token carries the verified identity and its claims to every service that can check the signature.
◾ Statelessness => the server doesn't need to store session information; everything it needs is in the token.
◾ Integrity => the signature (HMAC or public-key) lets any verifier detect tampering; choose the algorithm to match who must verify.
◾ Decentralization => services can verify tokens locally with the issuer's public key, which is why JWTs are used for single sign-on (SSO).
📌 𝐉𝐖𝐓 𝐁𝐞𝐬𝐭 𝐏𝐫𝐚𝐜𝐭𝐢𝐜𝐞𝐬
JWTs are a tool, not a complete security solution.
Their security hinges on proper implementation and usage. 👍
[1.] Algorithm Selection
◾ Prefer asymmetric algorithms (RS256, ES256 or EdDSA) when more than one party must verify tokens: verifiers hold only the public key, so a compromised verifier cannot mint tokens.
◾ HS256 (HMAC) is acceptable when the same service both issues and verifies, but every holder of the secret can forge tokens, so the secret must be strong and shared with no one else.
◾ Never accept 'none' - it disables signing entirely and makes any payload "valid".
◾ Pin the accepted algorithm(s) in the verifier's configuration and never let the token's own alg header choose. A verifier that follows alg blindly can be tricked into accepting an unsigned token, or into treating an RSA public key as an HMAC secret (key confusion).
[2.] Key Management
◾ Generate keys from a cryptographically secure random source: HMAC secrets of at least 256 bits for HS256 (RFC 7518 requires the key to be at least as long as the hash output), RSA moduli of 2048 bits or more, P-256 curves for ES256.
◾ Rotate keys regularly and identify each key with a kid so verifiers can accept both the old and the new key during the overlap window.
[3.] Secure Storage
◾ Store keys in a secrets manager, KMS or HSM, never in source code, configuration files committed to version control, or container images.
[4.] Claim Usage
◾ Avoid storing sensitive or personally identifiable information (PII) directly in JWT claims: a signed JWT is readable by anyone who obtains it.
◾ Utilize the standard claims (iss, sub, aud, exp, nbf, iat, jti) consistently so every verifier applies the same checks.
◾ For data that must stay confidential, use an encrypted JWT (JWE, RFC 7516), or keep the data server-side and put only a reference in the token.
[5.] Token Handling
◾ Transmit JWTs exclusively over HTTPS to prevent interception.
◾ If the token is stored in a cookie, set HttpOnly (keeps it away from scripts, which limits XSS theft), Secure and SameSite, and add CSRF protection, since the browser will now attach the token automatically.
◾ Set short expiration times (minutes, not days) and use refresh tokens, which the server can revoke, for longer sessions.
◾ Statelessness means a token stays valid until exp, so plan revocation up front => short-lived access tokens plus a server-side denylist keyed on jti for tokens that must die early.
[6.] Validation and Verification
◾ ALWAYS verify the signature with the algorithm and key your configuration chose before reading any claim; a token whose alg is not on your allowlist is rejected without further parsing.
◾ Then check the registered claims: exp and nbf against the current time (allow a small clock skew), iss against the issuer you trust, aud against your own identifier, so a token issued for another service is not accepted here.
=> Implement rate limiting on token endpoints to slow brute-force attempts against weak secrets.
=> Use security-focused HTTP headers (HSTS, Content-Security-Policy) to reduce the chance that a token is stolen in the browser.
--------------
👍 Follow -@techNmak
💥 We are still hosting #JavaDevConverge LATAM 2/4 💥
After the success of the first meeting, the #Java developer community keeps sharing all its experiences. Join us!
@MauriDeveloper
🌟 Event link: https://t.co/0s4Eeq4xqI
💥 We are still hosting #JavaDevConverge LATAM 2/4 💥
After the success of the first meeting, the #Java developer community keeps sharing all its experience in a space shaped by digital transformation. @interbanking invites you! 🙌🏻
#java #quarkus
🌟 Talk 1: ⚡ Your Java application Kubernetes Native ready: a live experience ⚡
Presenter: Elder Moraes
🌟 Talk 2: 👨💻 Jakarta EE in the Raspberry Pi world 👨💻
Presenter: Igor Souza
🌟 Official page with all the info: https://t.co/GH0CUsAyJv