Chain of Fools: An Exploration of Certificate Chain Validation Mishaps

Date: 15.01.2020. Author: CISOCLUB. Categories: Information security podcasts and videos

By James Barclay, Nick Mooney and Olabode Anise

In this talk, we explore the implications of poor cryptographic API design, how insecure certificate chain validation implementations can be exploited, and how widespread the usage of APIs like Android SafetyNet is in certain verticals. We also propose recommendations for both implementers and cryptographic API authors, like choosing misuse-resistant cryptographic APIs and what to do when faced with misuse-prone cryptographic primitives.

Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefings/schedule/#chain-of-fools-an-exploration-of-certificate-chain-validation-mishaps-17516
