2021 OWASP Top Ten: Cryptographic Failures

  • Published on 29 Jun 2024
  • Shifting up one position from the 2017 list to Number 2 is Cryptographic Failures. This was previously known as "Sensitive Data Exposure", which is more of a broad symptom than a root cause; the focus is now on failures related to cryptography (or lack thereof), which can often lead to exposure of sensitive data. Notable Common Weakness Enumerations (CWEs) included are CWE-259: Use of Hard-coded Password, CWE-327: Broken or Risky Crypto Algorithm, and CWE-331: Insufficient Entropy. #OWASPTOP10
    Video 3/11
    DevCentral is an online community of technical peers dedicated to learning, exchanging ideas, and solving problems - together.
    Your Community Evangelists:
    👋 Jason Rahm: / jrahm | / jasonrahm
    👋 Buu Lam: / buulam | / buulam
    👋 Aubrey King: / aubreyking | / aubreykingf5
  • Science & Technology

Comments • 10

  • @ruthfehilly8640 2 years ago +6

    Really really good videos. Quick and to the point

    • @devcentral 2 years ago

      Thanks Ruth! Glad you enjoyed them and we appreciate the comment!!

  • @EasyPickens999 1 year ago +2

    Hi, first of all many thanks for the videos. In your first example you mention to avoid auto-decryption. Do you mean between the DB and the app? In the case of a user querying CC numbers, you would eventually need to decrypt, would this be done in the app?

  • @covfefe2936 1 year ago +2

    Amazing video!! Love this straightforward format, easy to remember

    • @devcentral 1 year ago

      Thanks for the comment and glad you enjoyed the video!!

  • @skselim8536 1 year ago +2

    Awesome 🌟

    • @devcentral 1 year ago

      Glad you liked it and thanks for the comment!

  • @BhargavRajaram 1 year ago +2

    These guys have just narrated what's there on OWASP website.

  • @hammasahmed5592 1 year ago

    Failure, I was expecting a failure in the algorithm that would lead to data exposure, not a failure in cryptographic setup.
    The good point is the downgrade attack, if it's possible to downgrade a version of cryptos, this would actually be a failure.

  • @seyedmohammadmortezasanaie8346 1 year ago +3

    Your explanation was very bad. This beautiful type of attack could have much better examples 👎