Data as a New Security Boundary - Cryptography and Supporting Controls
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Syllabus
Intro
Things we won't talk about
Data security depends on a data flow
Data security 101
Encryption is an ultimate data security measure
A02:2021-Cryptographic Failures. Focused mostly on crypto usage and implementation.
A04:2021-Insecure Design. Focused on design, missing or wrong security controls.
Application-level encryption (ALE)
End-to-end encryption
Zero Trust / Zero Trust Architecture
Zero Knowledge Architecture (ZKA) - a system where no one except the user (node, service, person) has access to unencrypted data. Also known as No Knowledge Systems.
Other exciting crypto terms - privacy-enhancing cryptography: SMPC, PSI, PIR, FHE, PAKE, OPAQUE.
Security controls to support crypto
Pros & Cons
Proxy-side field-level encryption: Acra
Key hierarchy Database
ALE for NoCode platform
Crypto + supporting controls
1. Key management: a separate key per customer (BYOK).
2. Full compartmentalization: each customer's data is located in a different DB, encrypted with a different key, and each app uses its own DAO.
3. Full transparency: the platform doesn't have access to customer's
ALE for fintech platform
Taught by
OWASP Foundation