Lessons from Trusting JavaScript Cryptography - Biting into the Forbidden Fruit
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the controversial world of JavaScript cryptography in this 59-minute conference talk from AppSecEU 2014. Delve into the testing of high-profile crypto libraries, applications, and systems, uncovering hilarious bugs and security vulnerabilities. Compare these findings to issues in established cryptography implementations like OpenSSL and GnuPGP. Question long-held beliefs about JavaScript crypto's inherent insecurity and examine potential fixes. Gain insights into various attack vectors, including XSS, man-in-the-middle attacks, PRNGs, and timing side-channels. Leave with an updated, opinionated perspective on the state of JavaScript cryptography and its potential for security comparable to other implementations.
Syllabus
Krzysztof Kotowicz - Biting into the Forbidden Fruit. Lessons from Trusting JavaScript Crypto.
Taught by
OWASP Foundation
Related Courses
Hardware SecurityUniversity of Maryland, College Park via Coursera Cryptography and Information Theory
University of Colorado System via Coursera Introduction to Software Side Channels and Mitigations
Graz University of Technology via edX Side-Channel Security: Developing a Side-Channel Mindset
Graz University of Technology via edX Physical and Advanced Side-Channel Attacks
Graz University of Technology via edX