Techniques for Writing Secure Code

Encryption

• encrypt end-to-end communication
  • SSL

  • VPN

  • SSH for CLI apps (go on, laugh)

• encrypt stored data
  • Secret Key: Vulnerable to key stealing

  • Public Key: Encrypting key is public, decrypting (private) key can be on another continent

• Key management
  • Secret keys should be in a separate file protected by strict OS permissions

  • Private keys should be protected by a passphrase if possible

• Encryption is hard: care must be taken so that it's done right