Learning Path: Application Security Essentials

Introduction to Web App Cryptography

Cryptography in its many forms has been around for centuries, storing and protecting secrets and confidential information. Data encryption today is simply an advanced form of this, using ciphers, algorithms and keys to securely store data. Given that nearly all applications store some form of sensitive user data, it’s imperative that they use effective methods of cryptography to properly secure this information.

Introduction to Web App Cryptography takes you on a deep dive into cryptography and cryptographic implementations. You’ll learn about symmetric and asymmetric ciphers, block and stream ciphers, encryption best practices and the essentials of key management.

With the help of hands-on labs, you’ll learn about insecure cryptographic implementations that use ECB mode. We’ll also talk about one-way hashing, comparing it to key-stretching algorithms. Finally, you’ll learn about the essential elements of good secrets management.

The training material, labs and video content are all specially designed by AppSecEngineer for this course. What you’ll find here is a distillation of years of security testing experience, knowledge, and original research across our entire team. It’s why we’ve put such a strong focus on real-world techniques, challenges and scenarios that you’ll be able to directly use to secure applications today.

Intermediate Proficiency
4 hours
33 lessons
4 Cloud Labs

Course Outline

  • Course Introduction
  • Course Pre-requisites
  • Secrets Breaches and Big Secret Fails
  • Secret Sprawl
  • Secrets vs Sensitive Information
  • Secrets: Challenges
  • Introduction to Symmetric Encryption
  • Bad Cryptographic Decisions
  • Modes of Encryption – Part 1
  • Modes of Encryption – Part 2
  • Introduction and Overview
  • Asymmetric Encryption – Encoding and Weaknesses
  • Vulnerabilities in RSA
  • Introduction and Overview – One way Hashing and Key Stretching
  • Secure Default Libraries for Cryptography
  • Good Secrets Management – Part 1
  • Good Secrets Management – Part 2