2017 dates coming soon
Crypto Risk Training – 1 day
Learn how to identify and assess crypto flaws in applications and infrastructures.
This one-day course is for professionals working in application security, eg security/risk managers, application security auditors, pen-testers and security architects. You will learn:
- when (not) to use crypto and why
- mistakes to avoid in common operations and protocols
- best practices for key-management
- real-world examples of attacks exploiting crypto flaws to obtain secret data, achieve remote code execution, reset passwords to known values, etc.
Some basic familiarity with cryptography is required to get the most out of the training. There is no practical exercise, so up-to-date coding skills are not required, but concrete code examples will be given in Java.
Advanced Crypto Attacks Training – 1 day
Learn how to implement effective cryptanalytic attacks
In this course you will learn to attack applications by implementing padding oracle attacks. There will be hands-on exercises. You will learn:
- How to detect vulnerability to a padding oracle attacks
- How to implement the Vaudenay attack (against symmetric key cryptography in CBC mode)
- How to implement the Bleichenbacher attack (against RSA encryption with PKCS#1v1.5 padding)
- Optimisations and variants of the attacks for particular real-world settings.
Our training courses are also available for private groups. Contact us for a quote.