DayOne.FM

From Cryptography to AppSec: Scott Contini on Building Practical Security

30 Apr 2025

Description

Episode Summary

Scott Contini has a PhD in cryptography with more than a dozen research publications, and has spent the last 15 years focused on solving real-world security problems. After switching from academia to industry in 2008, Scott has identified hundreds of cryptographic implementation flaws across the world, written widely read blogs on common coding mistakes, and contributed significantly to the 2021 OWASP Top 10 topic of Cryptographic Failures. He joins Cole Cornford to discuss how cryptography often goes wrong in practice, why secure-by-default APIs are reshaping security today, and the importance of clear communication and community-building in advancing the field. Scott also shares stories from working alongside legendary figures in cryptography, and offers advice for anyone looking to build a sustainable and impactful security career.

Timestamps

00:20 - Scott’s background in cryptography and transition to AppSec
02:00 - Moving from theory to real-world security challenges
05:00 - Common cryptography mistakes in the industry
07:50 - Why using the wrong encryption modes leads to vulnerabilities
10:10 - How Java’s cryptography design led to widespread issues
14:40 - The rise of secure-by-default APIs in cryptography
17:00 - Stories from working with cryptographic legends
22:00 - Improving advice in the OWASP community
27:50 - The value of writing and public speaking in AppSec careers
33:00 - Advice for newcomers in security: think like an attacker and keep learning

Mentioned in this episode:

Call for Feedback

This podcast uses the following third-party services for analysis:

Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp
Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/
