Security Theatre

Security Theatre

PHP UK Conference via YouTube Direct link

Timing Attacks Brute forcing cryptographic functions via time taken to execute

22 of 32

22 of 32

Timing Attacks Brute forcing cryptographic functions via time taken to execute

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Security Theatre

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Security Theatre @thomas_shone
  3. 3 Denial
  4. 4 Internet of Things
  5. 5 SAMSUNG
  6. 6 Most popular software It's not what you think
  7. 7 OpenX Backdoored for almost a year
  8. 8 Versioning Projects with bad versioning also have some of the worst security issues
  9. 9 Automatic Patching If your software comes with automatic upgrading, people will use it
  10. 10 Plugins and Templates If an update needs manual changes for plugins or template, no one updates
  11. 11 The hardest part of security is not writing secure code
  12. 12 without vulnerability Vulnerability research and security updates
  13. 13 I trust that the network is configured properly and secure Good system administrators
  14. 14 I trust you are who you say you are TLS Certificate Peer Verification or Authentication
  15. 15 I trust your computer is not compromised ????
  16. 16 I trust that the user won't be the weak link Training and procedures
  17. 17 Weakening Compromising encryption or hashing is about reducing time to crack
  18. 18 Implementation A bad implementation helps reduce the time to crack
  19. 19 2 Factor Authentication composer require pragmarx/google2fa
  20. 20 Avoid old tutorials on encryption scott/e9319254c8ecbad4f227
  21. 21 One way encoding Comparisons / Integrity Checks
  22. 22 Timing Attacks Brute forcing cryptographic functions via time taken to execute
  23. 23 is critical in encryption Used for key generation and nonces
  24. 24 Weak password reset processes Can you Google the answer? How do you handle customer support reset?
  25. 25 Patching Strategy If a dependency prevents updating, resolve it now
  26. 26 Don't become comfortable Comfort breeds contempt
  27. 27 Training Strategy Have a process for dealing with account locks and resets
  28. 28 Compromise Strategy Have a plan before you need it
  29. 29 Information
  30. 30 Decouple roles Databases, servers, domains, roles, ...
  31. 31 Get behind PSR-9 & 10
  32. 32 Group Performance

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.