OWASP Top 10 Course: 02 Cryptographic Failures with Examples

This is the third video in my OWASP Course, where I detail the top 10 OWASP risks and provide examples where possible. Here we are with risk number 2.

Risk number 2 is based on the application of cryptographic components, or rather the lack of them and the failure to utilise them correctly. In this video, I provide a very basic example where I compare Telnet and SSHv2. The idea is simple: using no cryptography compared to using cryptography. With Telnet, I capture the traffic for a login in Wireshark and show the plain text being sent over the network. With SSHv2 I do exactly the same thing, but we can't see the plain text because it's encrypted.

Note: The password is a temporary one on my home network, nothing is exposed publicly, so nothing to worry about. Do you really think I’d use such terrible password security?
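The Telnet versus SSHv2 comparison above can also be checked programmatically. This is an added example, not code from the video: it audits one direction of a captured TCP stream and reports whether its contents are readable. The function names, the 0.9 threshold and both sample streams are assumptions constructed for illustration, and the SSH packets are stand-ins for traffic after key exchange.

```python
import hashlib

IAC, SB, SE = 0xFF, 0xFA, 0xF0  # Telnet command bytes (RFC 854/855)

def strip_telnet_negotiation(data: bytes) -> bytes:
    """Drop IAC option negotiation, keeping only the bytes a user typed or saw."""
    out, i = bytearray(), 0
    while i < len(data):
        nxt = data[i + 1] if i + 1 < len(data) else None
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif nxt == IAC:                      # escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif nxt == SB:                       # subnegotiation runs to IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        elif nxt is not None and 0xFB <= nxt <= 0xFE:  # WILL/WONT/DO/DONT + option
            i += 3
        else:                                 # any other two-byte command
            i += 2
    return bytes(out)

def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII, tab, CR or LF."""
    ok = sum(1 for b in data if 0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D))
    return ok / len(data) if data else 0.0

def audit_stream(payloads):
    """Classify one direction of a captured TCP stream given its payloads in order."""
    if payloads and payloads[0].startswith(b"SSH-2.0-"):
        # The SSH version banner is plaintext by design; judge what follows it.
        proto, body = "ssh", b"".join(payloads[1:])
    else:
        proto, body = "telnet-like", strip_telnet_negotiation(b"".join(payloads))
    cleartext = printable_ratio(body) > 0.9   # assumed threshold
    return {"proto": proto, "cleartext": cleartext,
            "readable": body.decode("ascii", "replace") if cleartext else None}

# Constructed samples, not taken from the video's capture.
# Telnet: option negotiation, then one keystroke per packet (username, password).
TELNET_CLIENT = [b"\xff\xfb\x18\xff\xfd\x03"] + [bytes([c]) for c in b"demo\r\nexample-pw\r\n"]
# SSH: version banner, then pseudo-random bytes standing in for encrypted packets.
SSH_CLIENT = [b"SSH-2.0-ExampleClient_1.0\r\n"] + [hashlib.sha256(bytes([n])).digest() for n in range(8)]

if __name__ == "__main__":
    for name, stream in (("telnet", TELNET_CLIENT), ("ssh", SSH_CLIENT)):
        print(name, audit_stream(stream))
```

In a real SSH capture the key exchange packets that follow the banner contain readable algorithm names, so the ratio is only meaningful for packets sent after key exchange completes.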