By: BrBr
January 11, 2016
[podcast] Cryptonite - or how to not have your apps turn to crap

This week, we find ourselves understanding the #Cryptonite that can weaken devs and software creators when dealing with #cryptographic #algorithms and #passwords. Lack of proper crypto controls and hardcoded passwords can quickly turn your app into crap.

Remember the last time you heard about a hardcoded #SSH private key, or have you been at work when a developer left the #API keys in his #github #repo?

We go through some gotchas from the excellent book "24 Deadly Sins of #Software #Security". Anyone doing a #threat #analysis or code audit needs to check for these things to ensure you don't end up in the news with a hardcoded #password in your home router firmware, like these guys: https://securityledger.com/2015/08/hardcoded-firmware-password-sinks-home-routers/

Book: http://www.amazon.com/Deadly-Sins-Software-Security-Programming/dp/0071626751

Show Notes: https://docs.google.com/document/d/1MUPj8CCzDodik61_1K8lCKywkv0JbfBkve20rxwbmzE/edit?usp=sharing

*NEW* we are on Stitcher!: http://www.stitcher.com/s?fid=80546&refid=stpr

TuneIn Radio App: http://tunein.com/r…/Brakeing-Down-Security-Podcast-p801582/

BrakeSec Podcast Twitter: http://www.twitter.com/brakesec

Bryan's Twitter: http://www.twitter.com/bryanbrake

Brian's Twitter: http://www.twitter.com/boettcherpwned

Join our Patreon!: https://www.patreon.com/bds_podcast

Comments, Questions, Feedback: bds.podcast@gmail.com

Direct Download: http://traffic.libsyn.com/brakeingsecurity/2016-002-Cryptonite.mp3

iTunes: https://itunes.apple.com/us/podcast/2016-002-cryptonite-or-how/id799131292?i=360440391&mt=2