From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep


Validating cryptography

- [Instructor] Since encryption is often considered a core security control for protecting confidentiality and integrity, you'll want to make sure to include unique tests with a focus on cryptography. When scoping these tests, make sure that you identify all the touch points where encryption mechanisms could be in play. Those touch points can be broken down into three categories: data at rest, which is data encrypted while it's on disk; data in motion, which is data encrypted while it's traveling across the network from one app component to another; or data in use, in which data is stored in memory while it's actively being used by your application. This category of test cases is referred to as cryptographic validation, but validation against what? Your organization should have documented internal cryptography standards. These documents outline the minimum requirements for what data needs to be encrypted, as well as how strong that encryption needs to be. Those internal standards are…
