LEARNING PATH: Application Security Essentials

Introduction to Web App Cryptography

Cryptography in its many forms has been around for centuries, storing and protecting secrets and confidential information. Data encryption today is simply an advanced form of this, using ciphers, algorithms and keys to securely store data. Given that nearly all applications store some form of sensitive user data, it’s imperative that they use effective methods of cryptography to properly secure this information.

Introduction to Web App Cryptography takes you on a deep-dive of cryptography and cryptographic implementations. You’ll learn about symmetric and asymmetric ciphers, block and stream ciphers, encryption best practices and the essentials of key management. 

With the help of hands-on labs, you’ll learn about insecure cryptographic implementations in ECB mode. We’ll even talk about one-way hashing, comparing it to ‘Key Stretching’ algorithms. Finally, you’ll learn about the essential elements of good secrets management.

The training material, labs and video content are all specially designed by AppSecEngineer for this course. What you’ll find here is a distillation of years of security testing experience, knowledge, and original research across our entire team. It’s why we’ve put such a strong focus on real-world techniques, challenges and scenarios that you’ll be able to directly use to secure applications today.

Introduction to web app cryptography
Proficiency Intermediate
Audience Application Security
Course Duration​ 4
Lessons​ 33
Cloud Labs​ 4



Cloud Security Expert

Course duration




Cloud Labs


    • Symmetric and Asymmetric Ciphers
    • Block and Stream Ciphers
    • Hands-on: Modes of Encryption – Best Practices
    • Hands-on: Padded oracle attack and defense
    • Hands-on: Asymmetric Encryption and RSA-OAEP Padding
    • Secrets Management Deep-dive
    • Secrets Management in the Cloud
    • Secrets Management with Vault
    • Hands-on: Implementing Secrets Management with an App and Vault
    • Hands-on: Dynamic Secrets with Vault
    • Other Secrets Management Best Practices
    • Hashing Concept Overview
    • Hashing and Why you should NOT be using it to protect passwords
    • Introduction to Key-stretching Algorithms: 
    • BCrypt and SCrypt
    • PBKDF2
    • Argon2
  • Insecure Modes of Encryption
  • Authenticated Encryption with AES GCM
  • RSA Optimal Asymmetric Encryption Padding
  • Signatures with Asymmetric Encryption Algorithms
  • One-Way Hashing vs. Key Stretching
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking "Accept" you consent to the use of All the cookies