We’ve spent a lot of time working on crypto audit of Java applications recently at Cryptosense while developing our Java Crypto Analysis tool. To share our results, this spring we’ll be running a two-day training course on crypto security specifically looking at applications that use the Java crypto API (JCE/JCA).
As well as secure crypto programming practice and common mistakes that lead to vulnerable applications, we’ll look at the specifics of commonly used crypto libraries that offer a JCE/JCA interface. This includes their implementation of the Java keystore. In particular, the training will cover key-management flaws and how to avoid them.
As usual, the training will take place in our wonderful location overlooking the Grand Canal in Venice, and will include a networking dinner in our favourite nearby Osteria.