How to Use the Java Cryptography API Securely?
Are you overwhelmed by the overabundance of choices the Java Cryptography API offers when choosing an encryption algorithm or a randomness provider? Are you on top of all the latest happenings in cryptographic communities, so that you know which cryptographic primitives can be broken, and how? Due to time constraints, do you find yourself copy/pasting from Oracle documentation or GitHub, hoping and praying that it's secure? Do you find yourself frustrated with the complicated Java architecture that you need to get your functionality working?
If your answer to any of these questions is “yes”, come join me in this talk. I will be going over each cryptographic primitive, such as Random Number Generators, Encryption/Decryption algorithms, HMACs, digital signatures, Key Management etc. We will go into detail on not just how to get it working, but how to use it securely while future-proofing your applications. I will point out areas which require careful attention and help you make correct algorithmic and keying material choices, along with plenty of code examples showing correct and incorrect usages.
About Mansi Sheth
Mansi Sheth is a Principal Security Researcher at Veracode Inc. In her career, she has been involved with breaking, defending and building secure applications. Mansi researches various languages and technologies, finds insecure usages in customer code, and suggests automation measures for finding vulnerabilities for Veracode's Binary Static Analysis service. She is an avid traveller with the motto “If not now, then when?”