Fundamentals of Secure Software - Cryptographic Failures

Doctor's orders

Credit card number

Driver's license

Lab results

Using trusted certificate chains

Using strong encryption keys

Transmitting data in clear text

Implementing HTTPS

Ignoring access controls

Using plain encryption

Collecting unnecessary data

Protecting data at rest

To ensure data is transmitted in clear text

To use outdated encryption algorithms

To verify the identity of communicating parties

To allow unauthorized access to data

Ignoring code quality

Allowing insecure direct object references

Setting compiler settings in the IDE

Using weak encryption keys

Enhanced user privacy

Improved data security

Increased encryption strength

Network traffic monitoring by attackers

Enhance encryption

Steal user sessions

Improve website performance

Secure the connection