As applications embrace OAuth, OIDC, and JWTs for federated authentication, attackers are shifting focus to token abuse and logic flaws rather than password theft.
This talk explores how modern auth systems can be compromised through token replay, session fixation, and insecure implementations of identity protocols.
We’ll walk through real-world examples — including intercepted tokens, replayed sessions, and privilege escalations through misconfigured scopes and claims.
We’ll also demonstrate a purpose-built lab environment and open-source tooling to analyze and detect these flaws, helping teams validate their own auth integrations.
Finally, we’ll discuss secure patterns for token handling, revocation, and identity proofing that can prevent these modern attacks before they reach production.