By James Barclay, Nick Mooney and Olabode Anise

In this talk, we explore the implications of poor cryptographic API design, how insecure certificate chain validation implementations can be exploited, and how widespread usage of APIs like Android SafetyNet are in certain verticals. We also propose recommendations for both implementers and cryptographic API authors, like choosing misuse-resistant cryptographic APIs and what to do when faced with misuse-prone cryptographic primitives.

Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefi...