[Security] Practical attacks on web application crypto

December 27, 2011 - 15:32 UTC - Tags: security padding oracle hashing HackPra (@HackPra) was kind enough to invite me to do a talk. On the 7th of December I heald a talk called "Attacks on web application crypto".

The talk covered attacks on hashes (including length extension attacks on MD5 signatures), Padding oracle attacks and BEAST. I used some javascript demos to explain the different topics.

Here are some resources from the talk:

Many thanks to Mario Heiderich and Markus Niemietz for inviting me. I also enjoyed spending the rest of the evening at G-Data and meeting all the people there.

Permalink |

Comments closed for this post

About Erlend

Security guy with some thoughts on secure development.

Follow me on twitter

Tag cloud

.net, .netspec, adam, ad lds, ajax, asp.net, authentication, authorization, axis, bdd, certificates, conference, cookie, craftsman, crossdomain, cross site scripting, cryptography, csp, csrf, css, escaping, firefox, flash, flex, httponly, input validation, javascript, jquery, jsonp, nosql, nosql-injection, output escaping, owasp, password, phishing, ql-injection, rails, retirejs, rfi, security, silverlight, spam, speaker, sql-injection, sql injection, ssl, talk, tdd, testing, unit testing, web services, wse, wss4j, x509, xml, xsrf, xss