Secure Coding with Cryptography
Secure Coding practices are one of the important aspect in security. Cryptography is another such domain which is often missed while taking care of security. In this session, the audience will learn about basic cryptography and the algorithms used. We will be discussing about some insecure practices and why they should not be used. Once, the audience is well aware of the basics, we will deep dive a bit more into it and learn about implementing good crypto practices in CI/CD pipeline and learning about some security practices in Devops.
Introduction to crypto and hashing algorithms
1.5 HMAC (SHA-256)
How not to leak your secrets
2.1 Weak private keys in asymmetric ciphers
2.2 Hash collisions (MD5 exmaple)
2.3 Small length and pulically known secrets for symmetric ciphers and HMAC
2.4 Case study Don’t Role your own crypto
2.5 OSINT (github and google dorks examples) leading to secret key information disclosures, good practices that you can implement in your CI/CD pipeline
Awesome data privacy with crypto tools and services
3.1 Tor Onion v3 services for DevOps
3.2 How not to be careless while deserializing data from your session tokens and auth headers (Ex: JWT, flask-session) for system related operations
3.3 AES-CBC with PKCS
The speaker holds a Master of Science Degree in Computer Applications(MSc(CA)) from Symbiosis International University, with experience in working on blockchain technologies and conducting security reviews for Web and mobile applications, and Ethereum based Smart Contracts in her previous role as an Information Security Consultant and research intern. Currently she is independently researching on Ethereum Based Smart Contracts alongside working as a Web Application Security Analyst with the WAF Research team at Qualys. She is also the Pune Chapter Lead for the Infosecgirls community and also one of the lead for WomenWhoCode in Pune. She has also presented at conferences such as Owasp Seasides 2019, Bsides Singapore 2019, Webinars and Null Chapter and Cyberfrat Meets.