From the course: Learning the OWASP Top 10 (2025 Version)


Defending against cryptographic failures


Defending against cryptographic failures starts with recognizing where these issues truly come from. In practice, attackers rarely break modern encryption algorithms. They more often bypass them. They exploit missing encryption, weak defaults, exposed keys, or implementations that quietly undermine the protections cryptography is supposed to provide. Let's walk through the essential practices that help organizations use cryptography safely and consistently.

The first pillar of defense is selecting modern, vetted cryptographic algorithms and protocols. For protecting data at rest, rely on authenticated encryption modes such as AES-GCM with secure key lengths; 128-bit and 256-bit are both widely accepted industry standards. For data in transit, enforce TLS 1.2 or higher (TLS 1.3 is best if it's a possibility), and disable deprecated protocols like SSL and TLS 1.0 and 1.1. Outdated cipher suites, insecure negotiation modes, and legacy protocols create unnecessary openings. Regularly reviewing…
