Web App Crypto - A Study in Failure

Presented at AppSec USA 2012, Oct. 26, 2012, 3 p.m. (45 minutes)

Seldom in cryptography do we have any unconditional proofs of the difficulty of defeating our cryptosystems. Furthermore, we are often defeated not by the attacks we anticipated, but by the vectors we did not know about. Like fire and safety engineers, we learn from the mistakes of the past in order to avoid similar mistakes in the future. This presentation is a summary of the mistakes that web app developers have made in implementing cryptosystems, so that we do not repeat them.


Presenters:

  • Travis H - Secure Software Development Life Cycle Specialist - Well-Known Financial Institution
    Travis has been employed doing security or cryptography for financial institutions, top 50 web sites, e-commerce hosting companies, web software companies, and other organizations. He has been part of the largest security monitoring operation in the world, part of the security team for the most widely used piece of software in the world, and helped design an intrusion detection system. He occasionally teaches classical cryptology at Stanford.
