Overview
JSON permeates virtually every corner of the digital landscape today. It powers web APIs, configuration files, mobile apps, and data storage. To keep your day-to-day hacking running smoothly, you need a solid understanding of JSON. Let’s dive in!
Understanding JSON: A Beginner’s Guide
JSON, an acronym for “JavaScript Object Notation,” is the quintessential format for data interchange on the web. Its simplicity has endeared it to web developers. If you’re venturing into web development, engaging in web application penetration testing, or simply haven’t explored JSON yet, this guide is tailor-made for you. By the end of this post, you will have a clear understanding of what JSON is, what it is used for, and how to work with it.
What is JSON?
JSON is a lightweight format for storing and transporting data. It is most often used when data is sent from a server to a web page or vice versa. JSON is a text format that is easy for humans to read and easy for machines to parse and generate. It is derived from a subset of the JavaScript programming language but is language-agnostic, which makes it compatible with virtually any programming language.
Why Use JSON?
- Simplicity: JSON is more concise than other data formats like XML, which makes it faster for developers to read and write.
- Readability: Its structure is lucid and easily comprehensible.
- Universality: JSON garners support from nearly all modern programming languages.
- Scalability: Suited for expansive applications, JSON boasts commendable performance.
JSON Syntax Rules
JSON syntax, derived from JavaScript object notation, adopts a text-only format. Key rules include:
- Data is represented in name/value pairs: Just like object properties in many programming languages.
- Data is separated by commas: Ensuring multiple data points can be included without confusion.
- Curly braces {} hold objects: This allows for nested data structures.
- Square brackets [] hold arrays: Lists of values can be stored in this format.
JSON Example
Here’s a simple JSON representation of a person’s details:
{
  "name": "Jeremy",
  "age": 35,
  "isHacker": true,
  "courses": ["PEH", "PAH", "CRTO"]
}
- The person’s name is a string.
- Age is a number.
- isHacker is a boolean (true or false).
- courses is an array of strings.
Working with JSON
Parsing JSON: When receiving data from a server, it usually comes in the form of a JSON string. Before you can work with it in your programming language of choice, you need to convert (or ‘parse’) it into a language-specific object. In JavaScript:
let text = '{"name":"Jeremy", "age":35}';
let obj = JSON.parse(text);
alert(obj.name); // Outputs: Jeremy
Stringifying JSON: If you have data in your application that you want to send to a server, you need to convert it into a JSON string. This process is called ‘stringifying’. In JavaScript:
let obj = {name: "Jeremy", age: 35};
let jsonString = JSON.stringify(obj);
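JSON.parse throws on text that breaks the syntax rules above, and valid JSON can still carry the wrong types. The following is an added example, not code from the original post: parsePerson and the sample inputs are constructed for illustration and use the field names from the person example.

```javascript
// Added example: parse a JSON string defensively and check field types.
// parsePerson and the sample inputs are constructed for illustration.

function parsePerson(text) {
  let data;
  try {
    data = JSON.parse(text); // throws SyntaxError on anything that is not valid JSON
  } catch (err) {
    return { ok: false, error: "invalid JSON: " + err.name };
  }

  // JSON.parse also accepts bare values such as 42, "x", null or [1,2],
  // so confirm the top level really is an object.
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    return { ok: false, error: "expected a JSON object" };
  }

  const problems = [];
  if (typeof data.name !== "string") problems.push("name must be a string");
  if (!Number.isInteger(data.age) || data.age < 0) problems.push("age must be a non-negative integer");
  if (typeof data.isHacker !== "boolean") problems.push("isHacker must be a boolean");
  if (!Array.isArray(data.courses) || !data.courses.every((c) => typeof c === "string")) {
    problems.push("courses must be an array of strings");
  }
  if (problems.length > 0) {
    return { ok: false, error: problems.join("; ") };
  }

  // Copy only the expected fields so unexpected keys are not carried forward.
  const person = { name: data.name, age: data.age, isHacker: data.isHacker, courses: [...data.courses] };
  return { ok: true, value: person };
}

// Constructed sample inputs.
const samples = [
  '{"name":"Jeremy","age":35,"isHacker":true,"courses":["PEH","PAH","CRTO"]}',
  "{'name':'Jeremy'}",                       // single quotes are not valid JSON
  '{"name":"Jeremy","age":35,}',             // trailing comma is not valid JSON
  '{"name":"Jeremy","age":"35","isHacker":"true","courses":"PEH"}', // valid JSON, wrong types
  '["Jeremy", 35]',                          // valid JSON, but not an object
];

for (const s of samples) {
  const r = parsePerson(s);
  console.log(r.ok ? "accepted: " + JSON.stringify(r.value) : "rejected: " + r.error);
}
```

The first sample survives a parse and stringify round trip unchanged; the other four are rejected, two by the parser and two by the type checks.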
When to Use JSON?
JSON is primarily used in web applications to send data from a server to a client. Some common scenarios include:
- APIs and Web Services: Data fetched from APIs commonly adopts the JSON format.
- Configuration Files: Some software and services rely on JSON to store configuration data.
- Data Storage: Certain databases, such as MongoDB, leverage JSON for data storage.
Conclusion
JSON stands as an indispensable tool, revered for its simplicity and adaptability. It serves as the linchpin connecting most modern web applications, facilitating seamless data exchange between servers and clients. Whether you’re a developer, web app pentester, or a tech enthusiast, proficiency and comfort with JSON are imperative. For those seeking deeper insights, the MDN Web Docs provide an excellent starting point. Happy JSON hacking!
About the Author: Alex Olsen
Alex is a Web Application Security specialist with experience working across multiple sectors, from single-developer applications all the way up to enterprise web apps with tens of millions of users. He enjoys building applications almost as much as breaking them and has spent many years supporting the shift-left movement by teaching developers, infrastructure engineers, architects, and anyone who would listen about cybersecurity. He created many of the web hacking courses in TCM Security Academy, as well as the PWPA and PWPP certifications.
Alex holds a Master’s Degree in Computing, as well as the PNPT, CEH, and OSCP certifications.