From the perspective of application and infrastructure security assurance testing, this technical presentation takes attendees through a range of case studies that illustrate the all too common problem of using home grown crypto. Each of the case studies examines the logic that led the developers to use flawed crypto; how the flaw was detected, screenshots of the flaws, and the impact to the system it served. The case studies range from traditional financial services applications to the unique challenges posed by mobile applications as follows Obfuscation Gone Bad Keys? We Don't Need No Stinking Keys We Dont Need Logic, Weve Got Crypto! No Worries, We are using 3DES We Have Both Kinds: AES and XOR The House Always Loses? Can't Crack SSL? Just Talk Plaintext! Take My Data. Please! Mobile Application Security-A Target Rich Environment The presentation also introduces the concept of Session ID pre-hash analysis based on research done by Klayton Monroe.