Top10
Official OWASP Top 10 Document Repository (by OWASP)
CryptoGotchas
A collection of common (interesting) cryptographic mistakes and learning resources. (by SalusaSecondus)
Top10 | CryptoGotchas |
---|---|
6 | 4 |
4,048 | 308 |
2.2% | - |
4.3 | 2.3 |
28 days ago | about 2 months ago |
HTML | HTML |
GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Top10
Posts with mentions or reviews of Top10.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-10-10.
- Study found that developers (still) have a distinct lack of knowledge in understanding the fundamental concepts of cryptography - call for dedicated studies to investigate the usability of crypto APIs
Another example is the OWASP top 10, which put crypto problems as number 2 for their 2021 list. But in their description of the problem, they didn’t address the real problems that developers struggle with. This blew my mind away, so I put in my 2 cents to improve it, and they accepted it.
- OWASP Top 10 calling out some folks! | Top10/A04_2021-Insecure_Design.md at master · OWASP/Top10
- If you copied any of these popular StackOverflow encryption code snippets, then you coded it wrong
I'm trying to also push giving more attention to these types of problems in the OWASP Top 10. See this: https://github.com/OWASP/Top10/issues/540
- Some thoughts on 2021 OWASP Top 10's Cryptographic Failures Section
Thanks. I have submitted a pull request to address this here.
CryptoGotchas
Posts with mentions or reviews of CryptoGotchas.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-10-10.
- Study found that developers (still) have a distinct lack of knowledge in understanding the fundamental concepts of cryptography - call for dedicated studies to investigate the usability of crypto APIs
- I know the mantra is “don’t roll your own crypto”. What are the common pitfalls that people fall into when making their own cryptography programs? For example, why shouldn’t I use the Chacha program that I just wrote?
I present the list of Crypto Gotchas that I've seen in real world code. All of these mistakes have happened many times and broken systems. (They also generally assume that your underlying cryptography is properly built but you still get things wrong.)
- How to learn cryptography?
My Crypto Gotchas: Getting Started page is a list of resources designed to get people into cryptography. I hope that it is helpful.
- Advice on self-learning crypto
What are some alternatives?
When comparing Top10 and CryptoGotchas you can also consider the following projects:
black - The uncompromising Python code formatter
Cryptography-Guidelines - Guidance on implementing cryptography as a developer.
portable-secret - Better privacy without special software
crypto101
sessionKeys - A tool for the deterministic generation of unique user IDs, and NaCl cryptographic keys from a single username and high entropy passphrase.
python-fpe - FPE - Format Preserving Encryption with FF3 in Python