AppSec USA 2017 has ended
Back To Schedule
Friday, September 22 • 1:30pm - 2:15pm
Common Developer Crypto Mistakes (with illustrations in Java)

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

During the past 7 years, I have examined how cryptography has been used in 200+ different projects from a security risk perspective. This includes 85+ design reviews well over 100 secure code reviews (mostly Java with some C/C++ and C# thrown in for good measure) performed for two different companies. That includes both proprietary code of these 2 companies, proprietary vendor code reviewed under NDAs, as well as some FOSS code. This talk explores the most commonly observed applied cryptography mistakes made by developers during that 7 year window, how you can spot those mistakes, and finally describes how to correct them.


avatar for Kevin Wall

Kevin Wall

Senior Application Security Engineer, Verisign
I have been involved in application security for almost the past 20+ years, but I still considers myself a developer first and an AppSec engineer second. During most of those past 20 years, I have specialized in applied cryptography and web AppSec. Before transitioning to AppSec... Read More →

Friday September 22, 2017 1:30pm - 2:15pm EDT
Coronado J