From OWASP 3: Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser.
Paraphrased, this week is not about how to prevent break-ins into your system, but about how to make sure your sensitive data stays protected even if someone does break into your system.
After this week, you should be able to:
We will use the slides and sample code for this.
The main focus of the exercises for this week is to be able to encrypt and decrypt data using the libraries of Java.
Design a system for handling signatures for new parties.
The first thing we will do is to look at Caesar rotation. I am not sure it was ever used, but it is good for making text which can't be read by the naked eye, yet is easy to crack.
In the sample code, find out by how many letters the hidden message has been rotated. Notice that the rotator can rotate both forwards and backwards (though that is not really necessary - why?).
This exercise uses an "incredibly dumb and stupid" password scheme, as the actual input is a number between 1000 and 9999. You must find out which one. Your attack here is brute force (trying them all).
Hint: If you want to automate validation, the word “everything” occurs in the original text.
This exercise is about writing a small toy editor which allows you to store small texts in encrypted format. The save function is there, but you have to write the load.
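One way to write the missing load next to a matching save, as an added example that is not the course's sample code. It assumes a file layout of salt, then IV, then AES-GCM ciphertext with tag, and a key derived from the editor password with PBKDF2; both are assumptions, since the original save function is not shown here.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class ToyEditorCrypto {
    // Assumed file layout: [16-byte salt][12-byte IV][AES-GCM ciphertext + 16-byte tag]
    private static final int SALT_LEN = 16, IV_LEN = 12, TAG_BITS = 128, PBKDF2_ITERS = 600_000;
    private static final SecureRandom RNG = new SecureRandom();

    // Derive a 256-bit AES key from the editor password and a per-file salt.
    static SecretKey deriveKey(char[] password, byte[] salt) throws Exception {
        KeySpec spec = new PBEKeySpec(password, salt, PBKDF2_ITERS, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // save: fresh salt and IV per write, so the same text never yields the same bytes on disk.
    static byte[] save(String text, char[] password) throws Exception {
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        RNG.nextBytes(salt);
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(text.getBytes(StandardCharsets.UTF_8));
        return ByteBuffer.allocate(SALT_LEN + IV_LEN + ct.length).put(salt).put(iv).put(ct).array();
    }

    // load: split the layout back apart; a wrong password or a tampered file fails the GCM tag check.
    static String load(byte[] blob, char[] password) throws Exception {
        ByteBuffer buf = ByteBuffer.wrap(blob);
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN], ct = new byte[blob.length - SALT_LEN - IV_LEN];
        buf.get(salt).get(iv).get(ct);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(password, salt), new GCMParameterSpec(TAG_BITS, iv));
        return new String(c.doFinal(ct), StandardCharsets.UTF_8); // throws AEADBadTagException on failure
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "correct horse".toCharArray();          // constructed sample password
        byte[] file = save("Some secret note.", pw);       // constructed sample text
        System.out.println(load(file, pw));
    }
}
```

Because the tag is checked before any plaintext is returned, load either yields the exact saved text or throws; it never hands back silently corrupted data.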