Streaming: https://mssvideo.vcu.edu/RVAsec
Tuesday June 9, 2026 4:00pm - 4:50pm EDT
As applications embrace OAuth, OIDC, and JWTs for federated authentication, attackers are shifting focus to token abuse and logic flaws rather than password theft.
This talk explores how modern auth systems can be compromised through token replay, session fixation, and insecure implementation of identity protocols.

We’ll walk through real-world examples — including intercepted tokens, replayed sessions, and privilege escalations through misconfigured scopes and claims.
We’ll also demonstrate a purpose-built lab environment and open-source tooling to analyze and detect these flaws, helping teams validate their own auth integrations.

Finally, we’ll discuss secure patterns for token handling, revocation, and identity proofing that can prevent these modern attacks before they reach production.
Speakers
Bhaumik Shah

CEO, SecurifyAI
Bhaumik Shah is a cybersecurity leader and founder of Securify, where he helps organizations secure their cloud, applications, and infrastructure through penetration testing, red team operations, and compliance programs like SOC 2 and ISO 27001. With over a decade of experience uncovering...
Upstairs, Grand Ballroom F/G