Developers tend do a poor job of implementing cryptography and other security measures in their systems. However, we as security people aren't doing very much to help them be successful. Often the primitives used are out of date and overlook very subtle flaws. These mistakes lead to systems that are hopelessly insecure despite our perception that we’ve build an impenetrable fortress. Fortunately there are a few tools and techniques at our disposal that can ease some of the pain. In this talk we'll get our laughs by exploring some of the most common pitfalls developers encounter with cryptography, but also try and restore some of our sanity.
John Downey is the Security Lead at Braintree. Braintree helps businesses accept payments online with great development tools and first class support. There he has worked on their highly available infrastructure and integrations into the banking system. In his free time, he contributes to open source projects and mentors high school students in the FIRST Robotics Competition.
Recorded at BSides Philly 2016
If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek