Cryptography seems deceptively simple until you get into implementation. Tempted by shortcuts to save money, organizations ship something "just good enough" to pass compliance checks. This happens all the time working with the public sector and companies in highly-regulated industries making new products or trying to enter the market for the first time. Just when you think you've done everything right, a teeny tiny detail can become a security disaster waiting to happen, introducing vulnerabilities that are difficult to spot and even harder to mitigate.

This talk will be a tour of the most common footguns found in the field made by folks who are sure they've done it right, with live demos, example code, and the tools used to find these.