2021 OWASP Top Ten: Cryptographic Failures

preview_player
Показать описание
Shifting up one position from the 2017 list to Number 2 is Cryptographic Failures. This was previously known as "Sensitive Data Exposure" which is more of a broad symptom rather than a root cause, and the focus is on failures related to cryptography (or lack thereof). This can often lead to exposure of sensitive data. Notable Common Weakness Enumerations (CWEs) included are CWE-259: Use of Hard-coded Password, CWE-327: Broken or Risky Crypto Algorithm, and CWE-331 Insufficient Entropy. #OWASPTOP10

Video 3/11

⬇️⬇️⬇️ JOIN THE COMMUNITY! ⬇️⬇️⬇️

DevCentral is an online community of technical peers dedicated to learning, exchanging ideas, and solving problems - together.

Find all our platform links ⬇️ and follow our Community Evangelists! 👋

Your Community Evangelists:
  1. F5 DevCentral
  2. f5
  3. devcentral
  4. owasp
  5. top ten
  6. cryptography
Рекомендации по теме
2021 OWASP Top 0:09:16

2021 OWASP Top Ten: Cryptographic Failures

OWASP Top 10 0:33:36

OWASP Top 10 - 2021 Tryhackme Walkthrough - A Hands-On Guide to Web Security Threats

2021 OWASP Top 0:08:57

2021 OWASP Top Ten Overview

OWASP Top 10 0:08:51

OWASP Top 10 2021 - The List and How You Should Use It

The OWASP Top 0:41:26

The OWASP Top Ten 2021 Release

The OWASP Top 0:03:53

The OWASP Top Ten 2021 No. 2 Cryptographic Failure

OWASP TOP 10 0:14:21

OWASP TOP 10 - 2021 Edition

OWASP TOP 10 0:13:12

OWASP TOP 10 2021 | A02:2021 Cryptographic Failures

The Hack that 0:09:56

The Hack that Killed US fuel supply | Colonial Pipeline | 2021

The OWASP Top 0:41:35

The OWASP Top Ten 2021 Release

CyRC Developer Series: 0:02:04

CyRC Developer Series: #2 Cryptographic failures - OWASP Top 10 2021

OWASP Top 10 0:13:33

OWASP Top 10 2021 Explained | Web Application Vulnerabilities

Introduction to Web 0:53:00

Introduction to Web and Application Security: OWASP Top 10 2021

OWASP Top 10 0:10:56

OWASP Top 10 - 2021 | Cryptographic Failures | Injection| Insecure Design | tryhackme

2021 OWASP Top 0:11:48

2021 OWASP Top Ten: Injection

Cryptographic failures | 0:21:32

Cryptographic failures | OWASP TOP 10

OWASP TOP 10 0:07:02

OWASP TOP 10 - EXPLAINED WITH EXAMPLES - 2024

OWASP Top10 2021 0:16:03

OWASP Top10 2021 | Cryptographic failures

The How and 0:49:37

The How and Why of the OWASP Top Ten 2021 - Brian Glas

OWASP 2021 Top 0:04:58

OWASP 2021 Top 10 Web Application Vulnerabilities

OWASP TOP 10 0:09:27

OWASP TOP 10 | 2. CRYPTOGRAPHIC FAILURE

Cryptography Failure 💥| 0:06:06

Cryptography Failure 💥| Website Hacking Tutorial | #2 - OWASP TOP 10 | @OWASPGLOBAL

TryHackMe - OWASP 1:00:59

TryHackMe - OWASP Top 10 (2021) - Live Walkthrough

OWASP Top 10 0:49:59

OWASP Top 10 2021 Release discussion featuring Jim Manico!

Комментарии
Автор

Really really good videos. Quick and to the point

ruthfehilly
Автор

Amazing video!! Love this straight forward format easy to remember

covfefe
Автор

Very clear, thanks man, nice video 👍

juliozaelsantillanruiz
Автор

Hi, first of all many thanks for the videos. In your first example you mention to avoid auto-decryption. Do you mean between the DB and the app? In the case of a user querying CC numbers, you would eventually need to decrypt, would this be done in the app?

EasyPickens
Автор

These guys have just narrated what's there on OWASP website.

BhargavRajaram
Автор

Failure, I was expecting a failure in the algorithm that would lead to data exposure, not a failure in cryptographic setup.
The good point its the downgrade attack, if it's possible to downgrade a version of cryptos, this would actually be a failure.

hammasahmed
Автор

Your explanation was very bad. This beautiful type of attack could have much better examples 👎

seyedmohammadmortezasanaie