OWASP Global AppSec US 2021 has ended
Back To Schedule
Friday, November 12 • 10:00am - 11:00am
Data at Rest Encryption - Going Beyond the Basics to Address Modern Attacks

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Data encryption has long been a major component of information security. Data in transit is well protected by the Transport Layer Security (TLS) open cryptographic standard and its predecessors, but unfortunately the same cannot be said for data at rest. The current, common approach for encryption of data at rest is to rely on low-level mechanisms that satisfy compliance requirements, but do not address modern security concerns. This session will discuss shortcomings of encryption at the disk, bucket, file, and database levels and provide alternatives that offer additional protection against ransomware, data theft, insider threat, and application layer attacks such as SQL injection. Technologies and techniques covered will include Application-Level Encryption (ALE), Transparent Data Encryption (TDE), Field-Level Encryption (FLE), client-side encryption, and custom implementations.

avatar for Chuck Willis

Chuck Willis

Product Security, Independent
Chuck Willis is an industry-recognized expert in cyber security, with over twenty years of experience in cyber security, including software security, application security, product security, penetration testing, secure development programs, and computer investigations. His past experiences... Read More →

Friday November 12, 2021 10:00am - 11:00am PST