Training Course – Crypto Exploits and How to Avoid Them
As well as providing software solutions for finding vulnerabilities in the use of crypto, we also run training courses on identifying and assessing crypto flaws in applications and infrastructure. These courses are usually held at our office in Paris, or at our research partner’s facilities in Venice. See below for more next dates.
We have recently had requests to run training courses in North America. If this would be of interest to you, please let us know so that we can arrange an appropriate time and place.
Our training courses can also tailored to private groups of up to six people. Contact us for a quote.
Autumn 2018 dates TBC – Paris/Venice
This course will teach you how to identify and assess crypto flaws in applications and infrastructure.
You can attend one or both days of the course.
Cryptosense maintains strong links with the University of Venice Ca’ Foscari. Venice courses will be taught by Cryptosense CEO Dr. Graham Steel and Prof. Riccardo Focardi of the University of Ca’ Foscari. Paris courses are taught by Dr. Graham Steel and Dr Etienne Millon.
Both days of the course are intended for professionals working in application security. Some basic familiarity with cryptography is required to get the most out of the training.
Day 1 – Crypto Risk
There is no practical exercise, so up to date coding skills are not required. Training examples will be given in Java.
You will learn:
- When (not) to use crypto and why
- Mistakes to avoid in common operations and protocols
- Best practices for key-management
- Real-world examples of attacks exploiting crypto flaws to obtain secret data, achieve remote code execution, reset passwords to known values, etc.
Day 2 – Crypto Exploits
This part of the training includes practical exercises, so some coding skills are required, and familiarity with crypto APIs will help. The training examples will be given in Java, but developers with good experience of another widely-used high-level language like Python may prefer to use that. Cryptosense trainers will support Java and Python, but can’t guarantee support for more exotic languages.
You will learn:
- How to write exploits for vulnerabilities resulting from common crypto errors