Java's SSLSocket: How Bad APIs Compromise Security

Presented at DeepSec 2014 „Do you want to know more?“, Unknown date/time (Unknown duration).

Internet security is hard. TLS is almost impossible. Implementing TLS correctly in Java is "Nightmare!". This talk will show how a badly designed security API introduced over 15 years ago, combined with misleading documentation and developers unaware of security challenges, causes modern smartphone applications to be left exposed to Man-in-the-Middle attacks.

Presenters:

• Dr. Georg Lukas - rt-solutions.de GmbH
  Georg Lukas obtained his Ph.D. degree in 2012 in the context of wireless protocol design. Since then, he is working as an IT security consultant at rt-solutions.de GmbH, based in Cologne.

Links:

• https://deepsec.net/archive/2014.deepsec.net/speaker.html#PSLOT149
• https://infocon.org/cons/DeepSec/DeepSec 2014/Java s SSLSocket - How Bad APIs Compromise Security.mp4

Similar Presentations:

• DeepSec 2016 „Ten“ / Deploying Secure Applications with TLS (closed)
• DeepSec 2016 „Ten“ / TLS 1.3: Lessons Learned from Implementing and Deploying the Latest Protocol
• DeepSec 2014 „Do you want to know more?“ / Introduction to and survey of TLS Security