Explore the security vulnerabilities in OpenSSL's AES-GCM API implementation in this 31-minute conference talk from NorthSec 2026. Learn how AES-GCM encryption, while theoretically robust, can be compromised through poor API design that lacks misuse resistance, allowing attackers to alter encrypted ciphertext content. Discover the fundamental concepts of AES-GCM encryption and understand what conditions are necessary to compromise its integrity properties. Examine real-world examples where cryptography APIs were implemented without considering misuse resistance, particularly focusing on OpenSSL's implementation used in browsers and programming languages like Ruby and PHP. Master techniques for detecting these API misuses and learn practical exploitation methods for various real-life scenarios. Understand how different usage patterns of AES-GCM create different attack vectors and discover the specific techniques that can be leveraged to exploit these vulnerabilities. Bridge the gap between cryptographic theory and practical implementation challenges, illustrating why secure cryptographic implementations require careful consideration beyond theoretical soundness.