This week we look at the #Cryptonite that weakens devs and software creators when they deal with #cryptographic #algorithms and #passwords. A lack of proper crypto controls, plus hardcoded passwords, can quickly turn your app into crap.
Remember the last time you heard about a hardcoded #SSH private key, or were at work when a developer left the #API keys in his #github #repo?
We go through some gotchas from the excellent book "24 Deadly Sins of Software Security". Anyone doing a threat analysis or code audit needs to check for these things, so you don't end up in the news with a hardcoded password in your home router firmware, like these guys: https://securityledger.com/2015/08/hardcoded-firmware-password-sinks-home-routers/
Book:
Show Notes:
*NEW* we are on Stitcher!: http://www.stitcher.com/s?fid=80546&refid=stpr
TuneIn Radio App: http://tunein.com/r…/Brakeing-Down-Security-Podcast-p801582/
BrakeSec Podcast Twitter: http://www.twitter.com/brakesec
Bryan's Twitter: http://www.twitter.com/bryanbrake
Brian's Twitter: http://www.twitter.com/boettcherpwned
Join our Patreon!: https://www.patreon.com/bds_podcast
RSS FEED: http://www.brakeingsecurity.com/rss
Comments, Questions, Feedback: bds.podcast@gmail.com
Direct Download: http://traffic.libsyn.com/brakeingsecurity/2016-002-Cryptonite.mp3