Many cryptographic exploits require little to no understanding of math, but
cryptography’s reputation as an impenetrable Gordian knot of arcane symbols and
proofs (thanks, academics) keeps many capable application security
professionals from even TRYING to understand cryptography.
Consider the replay attack: capture an encrypted message and send it again,
with catastrophic results, if, for instance, the message means “transfer $100
from my bank account to yours.” If you understood that, congratulations, you’ve
just learned one way to attack modern cryptosystems. Come learn about more
attacks that don’t take math chops to understand, and learn to use attack tools
for the attacks that do!