# JWT

- [¿JWT?](/web/jwt/jwt.md)
- [Lab 1: JWT authentication bypass via unverified signature](/web/jwt/lab-1-jwt-authentication-bypass-via-unverified-signature.md): https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-unverified-signature
- [Lab 2: JWT authentication bypass via flawed signature verification](/web/jwt/lab-2-jwt-authentication-bypass-via-flawed-signature-verification.md): https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-flawed-signature-verification
- [Lab 3: JWT authentication bypass via weak signing key](/web/jwt/lab-3-jwt-authentication-bypass-via-weak-signing-key.md): https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-weak-signing-key
- [Lab 4: JWT authentication bypass via jwk header injection](/web/jwt/lab-4-jwt-authentication-bypass-via-jwk-header-injection.md): https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-jwk-header-injection
- [Lab 5: JWT authentication bypass via jku header injection](/web/jwt/lab-5-jwt-authentication-bypass-via-jku-header-injection.md): https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-jku-header-injection