You forgot to “changeit” - CogniCrypt knows it!

Channel:
Eclipse Foundation
Subscribers:
24,000
Published on ● Video Link: https://www.youtube.com/watch?v=Ce3GJYHGjpQ


Duration: 30:56
393 views
5

EclipseCon France 2018
https://www.eclipsecon.org/france2018/session/you-forgot-%E2%80%9Cchangeit%E2%80%9D-cognicrypt-knows-it

Speaker(s):
Johannes Späth (Fraunhofer IEM)
Stefan Krüger (Paderborn University)

Cryptographic libraries are difficult to use. Various empirical studies have shown that software developers commonly struggle to correctly encrypt, sign or hash data processed within their software. Common APIs of cryptographic libraries are powerful, yet require a lot of configuration. For example, symmetric block ciphers must be configured with block modes, padding schemes, and the algorithm's key length. While the fine-grained crypto APIs allow software developers customized and flexible implementations, slight misconfigurations easily yield insecure and broken code. In other words, the APIs are designed for crypto experts, although their target audience are software developers.

The Eclipse plugin CogniCrypt bridges this gap between crypto experts and software developers. CogniCrypt continuously assists software developers within their IDE, warns as soon as a cryptographic API is used incorrectly and suggests possible fixes. CogniCrypt makes cryptography usable for developers and thereby facilitates secure software implementations.

In this talk we showcase CogniCrypt, give an overview of its features, dive into some technical details, such as the underlying domain-specific language and the static analysis. We further demonstrate how CogniCrypt can be customized to detect misused APIs also in other domains.

Oh and before we forget - CogniCrypt also warns you when you leave your beloved password in your code. So you better change it.

Note:
Due to technical difficulties, we were not able to record the first two minutes of audio.



Other Videos By Eclipse Foundation


2018-06-26Karsten Thoms | What's exciting about Eclipse Photon
2018-06-26Noopur Gupta | What's exciting about Eclipse Photon
2018-06-26Lakshmi Shanmugam | What it means to be an Eclipse Contributor
2018-06-26Mickael Istria | Eclipse Photon Drives Innovation
2018-06-26vECM | Developing with Eclipse Collections - Eclipse Photon Series
2018-06-25vECM | What’s new in Eclipse Xtext 2.14 - Eclipse Photon Series
2018-06-25vECM | Embracing JUnit 5 with Eclipse IDE -Eclipse Photon Series
2018-06-25Path to Cloud native Application Development (sponsored by Red Hat)
2018-06-25Stateless Microservice Security via MicroProfile JWT
2018-06-25Approaching Light Speed - News from the Eclipse Photon Platform
2018-06-25You forgot to “changeit” - CogniCrypt knows it!
2018-06-22Microservices Data Patterns: CQRS & Event Sourcing
2018-06-22Eclipse MicroProfile - New and Noteworthy
2018-06-22Nebula and Opal: The story of a commiter
2018-06-22Ignite Talks
2018-06-22OpenADx – xcelerate your Autonomous Driving development
2018-06-22Scalable and resilient security in microservice architectures: Leveraging Microprofile JWT-Auth
2018-06-22E-FMP's Extensible Symbolic Execution Tool
2018-06-22Comparison and merge use-cases from practice with EMF Compare
2018-06-22Building streamed iOS and Android mobile and web apps with one Java code (sponsored by Mindus)
2018-06-22Scalable cloud IDE with Eclipse Che and Kubernetes/OpenShift


Tags:
EclipseCon France 2018