Learning Path: Application Security Essentials

Introduction to Web App Cryptography

Cryptography in its many forms has been around for centuries, storing and protecting secrets and confidential information. Data encryption today is simply an advanced form of this. Given that nearly all applications store their users’ sensitive data in some form or other, it’s imperative that they use effective methods of cryptography to properly secure that data.

This course takes you on a deep dive into cryptography and cryptographic implementations. You’ll learn about symmetric and asymmetric ciphers, block and stream ciphers, encryption best practices and the essentials of key management. With the help of hands-on labs, you’ll learn about insecure cryptographic implementations in ECB mode. Finally, we’ll talk about one-way hashing, comparing it to ‘Key Stretching’ algorithms.

The training material, labs and video content are all specially designed by AppSecEngineer for this course. What you’ll find here is a distillation of years of security testing experience, knowledge, and original research across our entire team. It’s why we’ve put such a strong focus on real-world techniques, challenges and scenarios that you’ll be able to directly use to secure applications today.

Intermediate Proficiency
4 hours
33 lessons
4 Cloud Labs

Course Outline

  • Course Introduction
  • Course Pre-requisites
  • Secrets Breaches and Big Secret Fails
  • Secret Sprawl
  • Secrets vs Sensitive Information
  • Secrets: Challenges
  • Introduction to Symmetric Encryption
  • Bad Cryptographic Decisions
  • Modes of Encryption – Part 1
  • Modes of Encryption – Part 2
  • Introduction and Overview
  • Asymmetric Encryption – Encoding and Weaknesses
  • Vulnerabilities in RSA
  • Introduction and Overview – One way Hashing and Key Stretching
  • Secure Default Libraries for Cryptography
  • Good Secrets Management – Part 1
  • Good Secrets Management – Part 2