Just enough cryptography to better secure your apps

Posted on Jan 18, 2023 · 224 words · 2 minute read

Description

If you are a Software Engineer curious about Information Security, chances are you have crossed paths with a task that involves adding some kind of security mechanism to protect data in your application. To achieve that you will have to use cryptography, which may sound scary. However, in practice, cryptography is about choosing the right tool for the job and, as a Security Software Engineer, the most common tasks you would face are:

  • Encrypt a data blob or data stream
  • Exchange a secret key with a peer
  • Verify that some data blob or data stream is not modified
  • Verify that some data blob or data stream has been produced by someone specific.
  • Generate a secret key from another secret key
  • Generate a secret key from a (low-entropy) value – e.g. password

In this talk you will learn what tools are available to achieve exactly that.

Technical requirements

  • basic knowledge of cryptography.
  • basic knowledge of programming and the Go programming language

Who should attend

While there’s no minimum required experience to attend, this talk will best suited for:

  • Software Engineers
  • Security Engineers
  • Security Software Engineers
  • Cloud Engineers
  • DevOps people
  • Any person that wants to learn more about cryptography

Slides

Recordings