How NOT to Implement Cryptography for the OWASP Top 10 (Reloaded)

Presented at ToorCon San Diego 13 (2011), Oct. 9, 2011, 3 p.m. (20 minutes)

This talk is an update of a 2008 talk at the OWASP Minneapolis-St. Paul Chapter about encryption as it applies to parts of the OWASP Top Ten. The new talk uses fresh examples of application cryptography successes and failures, and also incorporates the new OWASP ESAPI. Audience questions, participation, and contributions are encouraged.


  • Anthony J. Stieber
    Anthony J. Stieber has worked in academia, banks, retail, & insurance; designed enterprise security architectures, installed military & commercial firewalls; engineered medical diagnostic systems; reverse-engineered Internet stores; encrypted terabyte data warehouses; provided expertise for court cases; spoken at international cryptography conferences; and became an apprentice locksmith & a published writer.

