Cryptography is a huge subject with dedicated experts, but that doesn’t mean developers can leave it entirely to their security teams. Building security into DevOps means you need to understand how to deliver secure, high-quality code at velocity. Having some basic cryptography under your belt will help.
Cryptography vulnerabilities moved up a place on the revised OWASP Top 10 list for 2021 and are now in the second position. Formerly listed under the term Sensitive Data Exposure, the category has been renamed Cryptographic Failures to better describe the root cause of the problem rather than the symptom.
In a world where every business is now a software business, cryptographic failures can lead to breaches in any business. When organizations as diverse as Schreiber Foods (the biggest supplier of cream cheese), an oil pipeline company, and the Houston Rockets NBA team have all been impacted by ransomware attacks, no business can afford to skimp on cryptography. Managing encryption and key storage is as important as managing inventory, shipping, or public relations. Managing software risk is managing business risk.
Cryptography uses algorithms to make messages indecipherable without a key; it’s a way to secure information at rest and communication in transit. These deterministic algorithms are used for cryptographic key generation, digital signing, identity verification, web browsing on the internet, and confidential communications such as credit card transactions and email.
Here are a few cryptography best practices that will increase your security right away.