Training Courses

2017 dates coming soon

Crypto Risk Training – 1 day

Learn how to identify and assess crypto flaws in applications and infrastructures.

This one-day course is for professionals working in application security, eg security/risk managers, application security auditors, pen-testers and security architects. You will learn:

  • when (not) to use crypto and why
  • mistakes to avoid in common operations and protocols
  • best practices for key-management
  • real-world examples of attacks exploiting crypto flaws to obtain secret data, achieve remote code execution, reset passwords to known values, etc.

Some basic familiarity with cryptography is required to get the most out of the training. There is no practical exercise, so up-to-date coding skills are not required, but concrete code examples will be given in Java.

Need more information?

Download the course syllabus

Advanced Crypto Attacks Training – 1 day

Learn how to implement effective cryptanalytic attacks

In this course you will learn to attack applications by implementing padding oracle attacks. There will be hands-on exercises. You will learn:

  • How to detect vulnerability to a padding oracle attacks
  • How to implement the Vaudenay attack (against symmetric key cryptography in CBC mode)
  • How to implement the Bleichenbacher attack (against RSA encryption with PKCS#1v1.5 padding)
  • Optimisations and variants of the attacks for particular real-world settings.

Our training courses are also available for private groups. Contact us for a quote.

Java crypto security whitepaper

Covers JCE and BouncyCastle, key-management vulnerabilities, flaws in encryption and signature modes, randomness problems, insecure interactions between crypto operations and more.