![BrakeSec Education Podcast artwork](https://is1-ssl.mzstatic.com/image/thumb/Podcasts123/v4/f0/95/3e/f0953e48-be1e-60df-72d5-c863223e4d75/mza_8232316433178170329.png/100x100bb.jpg)
2016-002-Cryptonite- or how to not have your apps turn to crap
BrakeSec Education Podcast
English - January 11, 2016 02:14 - 1 hour - 57.9 MB - ★★★★★ - 98 ratings
Tech News News Technology cisa cissp legal pentesting podcasts application compliance computersecurity cybersecurity education
This week, we find ourselves understanding the #Cryptonite that can weaken devs and software creators when dealing with #cryptographic #algorithms and #passwords. Lack of proper crypto controls and hardcoded passwords can quickly turn your app into crap.
Remember the last time you heard about a hardcoded #SSH private key, or have you been at work when a developer left the #API keys in his #github #repo?
We go through some gotchas from the excellent book "24 Deadly Sins of Software Security". Anyone doing a threat analysis or code audit needs to check for these things, so that you don't end up in the news with a hardcoded password in your home router firmware, like these guys: https://securityledger.com/2015/08/hardcoded-firmware-password-sinks-home-routers/
Book:
http://www.amazon.com/Deadly-Sins-Software-Security-Programming/dp/0071626751
Show Notes:
https://docs.google.com/document/d/1MUPj8CCzDodik61_1K8lCKywkv0JbfBkve20rxwbmzE/edit?usp=sharing
*NEW* we are on Stitcher!: http://www.stitcher.com/s?fid=80546&refid=stpr
TuneIn Radio App: http://tunein.com/r…/Brakeing-Down-Security-Podcast-p801582/
BrakeSec Podcast Twitter: http://www.twitter.com/brakesec
Bryan's Twitter: http://www.twitter.com/bryanbrake
Brian's Twitter: http://www.twitter.com/boettcherpwned
Join our Patreon!: https://www.patreon.com/bds_podcast
RSS FEED: http://www.brakeingsecurity.com/rss
Comments, Questions, Feedback: [email protected]
Direct Download: http://traffic.libsyn.com/brakeingsecurity/2016-002-Cryptonite.mp3
iTunes: https://itunes.apple.com/us/podcast/2016-002-cryptonite-or-how/id799131292?i=360440391&mt=2