Play all

Intro

What will they talk about? • Quick primer on cryptography, encryption, and key management • Issues with current at-rest data encryption approaches

A02:2021 - Cryptographic Failures

Cryptography Cryptography was practiced for millennia before the Invention of computers One of the original and fundamental mechanisms for computer security

Cryptographic Attacks . Modern cryptography is exceptionally strong against direct attacks

Problem - Keys

Two Predominant Use Cases for Encryption

The Central Implicit Trust Model

So, what's the problem with that?

Two Real-world Examples Security Incident

Better Approach

Example - Medical Records System Only a subset of data values and attachments are to be protected

Column-Level Encryption

Application-Level Encryption (ALE)

Parting Words of Crypto Advice

Description:

Explore advanced data encryption techniques for protecting data at rest in this 47-minute OWASP Foundation conference talk. Delve into the limitations of current encryption methods for data at rest and discover alternative approaches that offer enhanced protection against modern security threats. Learn about Application-Level Encryption (ALE), Transparent Data Encryption (TDE), Field-Level Encryption (FLE), client-side encryption, and custom implementations. Gain insights into addressing ransomware, data theft, insider threats, and application layer attacks such as SQL injection. Understand the fundamentals of cryptography, encryption, and key management, and explore real-world examples of security incidents and improved encryption strategies for medical records systems.

Data at Rest Encryption - Addressing Modern Attacks Beyond the Basics

OWASP Foundation

Add to list

#Information Security (InfoSec) #Cybersecurity #Data Encryption #Computer Science #Cryptography #Database Management #Database Security #Transparent Data Encryption #Key Management