In this chapter, we reviewed the basic concepts of cryptography, such as symmetric and asymmetric encryption, stream and block ciphers, hashing, encoding, and obfuscation. You learned how secure communication works in the HTTPS protocol and how to identify vulnerabilities in its implementation and configuration. Then we examined the common flaws found in the storage of sensitive information and the creation of custom encryption algorithms.
We concluded this chapter with comments on how to prevent such flaws and how to make web applications more secure when transmitting and storing sensitive information.
In the next chapter, we will learn about AJAX and HTML5 and the challenges and opportunities they pose from the security and penetration testing perspective, especially when it comes to client-side code.