SecAppDev 2024 - Cryptography
SecAppDev 2024 offers three days of in-depth lectures and two days of hands-on workshops.
Cryptographic algorithms update
Deep-dive lecture by Bart Preneel in room Lemaire
Monday June 3rd, 14:00 - 15:30
An update on the most important cryptographic algorithms and a status on the migration towards post-quantum security.
Key takeaway: Which cryptographic algorithms to use for which tasks.
Practical cryptography with Tink
Deep-dive lecture by Neil Madden in room West Wing
Monday June 3rd, 16:00 - 17:30
Learn how to translate cryptography know-how into robust working code that is easy to review. Avoid common implementation pitfalls by learning how to use the modern Tink cryptographic library.
Key takeaway: Learn how to use Tink to implement cryptographic features and protocols in a robust manner.
A gentle intro to Ethereum and "smart contracts"
Introductory lecture by Tom Van Cutsem in room West Wing
Wednesday June 5th, 14:00 - 15:30
Ethereum is a programmable blockchain, a "world computer" powering decentralized applications. Find out how software for this "world computer" - smart contracts - is written using the Solidity language.
Key takeaway: Learn what programmable blockchains like Ethereum are all about, what kinds of applications they enable and what common pitfalls developers face.
The Quantum threat and Post-Quantum Cryptography (PQC)
Deep-dive lecture by Bart Preneel in room Lemaire
Tuesday June 4th, 14:00 - 15:30
We discuss the status of NIST's PQC competition, IETF standards and national agencies' recommendations. We conclude with performance benchmarks and crypto agility challenges.
Key takeaway: Post-quantum standards are on their way. Implications will be increased complexity and communication and storage overhead. Crypto agility is hard.
Crypto policy: from CSAM to eIDAS
Introductory lecture by Bart Preneel in room Lemaire
Wednesday June 5th, 09:00 - 10:30
This talk presents a summary of 30 years of crypto wars including the key escrow controversy, client-side scanning, and the EU's digital identity initiatives.
Key takeaway: Technology developments create a growing tension between government mass surveillance and privacy; the resulting debate shifts shape but continues.
Technical approach to Zero Trust Application Access
Introductory lecture by Gijs Van Laer in room Lemaire
Monday June 3rd, 11:00 - 12:30
This session explores Zero Trust Application Access (ZTAA), a security model emphasizing "never trust, always verify". It'll cover the basics of ZTAA and important points for building and deploying applications within this strategy.
Key takeaway: You'll learn how to deploy Zero Trust Application Access (ZTAA) in small and large businesses and how to build applications according to ZTAA.