Training Courses

2017 Dates

19-20 June 2017 – Paris

26-27 October 2017 – Venice

Crypto Risk Training – 2 day course

This course will teach you how to identify and assess crypto flaws in applications and infrastructure. You can attend one or both days of the course. See ticket types for muti-day pricing.

Eventbrite - Crypto Risk - Training by Cryptosense - 19 & 20 June 2017

Day 1 – Crypto Risk

The course is for professionals working in application security. Some basic familiarity with cryptography is required to get the most out of the training. There is no practical exercise, so up to date coding skills are not required. Examples will be given in Java.

You will learn:

  • When (not) to use crypto and why
  • Mistakes to avoid in common operations and protocols
  • Best practices for key-management
  • Real-world examples of attacks exploiting crypto flaws to obtain secret data, achieve remote code execution, reset passwords to known values, etc.

Day 2 – Crypto Exploits

The course is for professionals working in application security. Some basic familiarity with cryptography is required to get the most out of the training. This part of the training includes practical exercises, so some coding skills are required, and familiarity with crypto APIs will help. The training examples will be given in Java, but developers with good experience of another widely-used high-level language like Python may prefer to use that. Cryptosense trainers will support Java and Python, but can’t guarantee support for more exotic languages.

You will learn:

  • How to write exploits for vulnerabilities resulting from common crypto errors

Eventbrite - Crypto Risk - Training by Cryptosense - 19 & 20 June 2017

Our training courses are also available for private groups. Contact us for a quote.

Java crypto security whitepaper

Covers JCE and BouncyCastle, key-management vulnerabilities, flaws in encryption and signature modes, randomness problems, insecure interactions between crypto operations and more.