19-20 June 2017 – Paris
26-27 October 2017 – Venice
Crypto Risk Training – 2 day course
This course will teach you how to identify and assess crypto flaws in applications and infrastructure. You can attend one or both days of the course. See ticket types for muti-day pricing.
Day 1 – Crypto Risk
The course is for professionals working in application security. Some basic familiarity with cryptography is required to get the most out of the training. There is no practical exercise, so up to date coding skills are not required. Examples will be given in Java.
You will learn:
- When (not) to use crypto and why
- Mistakes to avoid in common operations and protocols
- Best practices for key-management
- Real-world examples of attacks exploiting crypto flaws to obtain secret data, achieve remote code execution, reset passwords to known values, etc.
Day 2 – Crypto Exploits
The course is for professionals working in application security. Some basic familiarity with cryptography is required to get the most out of the training. This part of the training includes practical exercises, so some coding skills are required, and familiarity with crypto APIs will help. The training examples will be given in Java, but developers with good experience of another widely-used high-level language like Python may prefer to use that. Cryptosense trainers will support Java and Python, but can’t guarantee support for more exotic languages.
You will learn:
- How to write exploits for vulnerabilities resulting from common crypto errors