Wednesday, September 6, 2017 at 11:40am and last updated
Thursday, September 7, 2017 at 10:15am.
OWASP: Crypto 101 - Part 1
Access Notes
We will be on the 5th floor - the elevators will be unlocked and you should be able to take the elevator directly to the 5th floor.
New Relic will provide Pizza and beverages. Thank you New Relic!
Description
The media keeps talking about this Cryptography thing. Information Security teams pressure internal operations and development, as well as vendors, to support encrypted data and transport. How can we responsibly implement cryptography in our projects?
In the first of a 2-part series, we will discuss major types of encryption, including symmetric, asymmetric and hashing. We will cover the simple principles behind symmetric encryption, then lightly touch modern asymmetric functions, without the math! We will also cover certificate usage.
After our talk, you will understand the difference between AES, RSA and SHA. You will also understand how the web uses encryption and certificates to keep our transactions secure.
The second part of the series, presented by Tim Morgan, will focus on SSL/TLS's PKI, certificate validation, how basic crypto goes wrong (lacking integrity protection, padding oracle attacks, weak password hashes, etc.), and explore what safe cryptographic libraries are out there and how to use them.
SPEAKER: Brian Ventura
Brian is a SANS Instructor and works locally for the City of Portland as an Information Security Architect. Brian co-teaches a PCC course this fall, focused on preparing for the CISSP certification.