We run training courses on identifying and assessing crypto flaws in applications and infrastructure. These courses are usually held at our office in Paris, or at our research partner’s facilities in Venice. See below for more details.
We have recently had requests to run training courses in North America. If this would be of interest to you, please let us know so that we can arrange an appropriate time and place.
Our training courses can also tailored to private groups of up to six people. Contact us for a quote.
26-27 October 2017 – Venice
This course will teach you how to identify and assess crypto flaws in applications and infrastructure.
You can attend one or both days of the course. See ticket types for multi-day pricing.
Cryptosense maintains strong links with the University of Venice Ca’ Foscari. The course will be taught by Cryptosense CEO Dr. Graham Steel and Prof. Riccardo Focardi of the University of Ca’ Foscari.
Both days of the course are intended for professionals working in application security. Some basic familiarity with cryptography is required to get the most out of the training.
Day 1 – Crypto Risk
There is no practical exercise, so up to date coding skills are not required. Training examples will be given in Java.
You will learn:
- When (not) to use crypto and why
- Mistakes to avoid in common operations and protocols
- Best practices for key-management
- Real-world examples of attacks exploiting crypto flaws to obtain secret data, achieve remote code execution, reset passwords to known values, etc.
Day 2 – Crypto Exploits
This part of the training includes practical exercises, so some coding skills are required, and familiarity with crypto APIs will help. The training examples will be given in Java, but developers with good experience of another widely-used high-level language like Python may prefer to use that. Cryptosense trainers will support Java and Python, but can’t guarantee support for more exotic languages.
You will learn:
- How to write exploits for vulnerabilities resulting from common crypto errors