Register for Training
Year after year, cryptography is incorporated in to more and more systems. Whether it be encrypting data in transit with off-the-shelf protocols, or implementing custom encryption mechanisms for data at rest, software developers are increasingly expected to leverage cryptography to meet security demands.
However, few developers have the experience or training to implement cryptography safely. The significant learning curve associated with using any cryptographic primitive properly, combined with the error prone APIs that most development environments expose to developers has led to countless flaws in modern applications.
This course is designed to provide attendees with the core concepts required to make informed decisions about what cryptographic primitives and APIs are safest to use in practice. Attendees will further learn that with a proper implementation, cryptography can make their development tasks easier, in addition to being more secure.
No significant background in cryptography is required to take this one-day course. However, attendees are expected to have a software development background. Lab sessions will include short exercises which ask students to write simple programs in their chosen language to solve various challenges. The content will include approximately 50% lecture and 50% labs or other exercises to reinforce the concepts presented.
Expected Outline:
0. Intro
1. Cryptography Primer/Refresher
– Symmetric Encryption
– Pseudorandom Number Generators
– Hashing and Integrity Protection
– Asymmetric Encryption
– How Crypto Makes Life Easier
1L. Crypto Basics Quiz & VM Setup
2. Overview of Modern Attacks and Common Mistakes
– PRNG issues, APIs
– Integrity Problems
– Padding Oracle Attacks
– Modern Password Cracking
2L. Exercise: Fix their Code
3. Key Exchange and PKIs
– Man-in-the-middle attacks
– PKI approaches
– Problems with PKIs
– Certificate Pinning
3L. Certificate Validation Testing
4. Practical Concerns
– Recent SSL/TLS bugs
– Standard API Overviews: Java, .NET, OpenSSL
– Better APIs: NaCl, KeyCzar,
– Ciphertext Fuzzing Techniques ?
4L. Exercise: Implement a Safe Token