Java's SSLSocket: How Bad APIs Compromise Security

Presented at DeepSec 2014 „Do you want to know more?“

Internet security is hard. TLS is almost impossible. Implementing TLS correctly in Java is "Nightmare!". This talk will show how a badly designed security API introduced over 15 years ago, combined with misleading documentation and developers unaware of security challenges, causes modern smartphone applications to be left exposed to Man-in-the-Middle attacks.


Presenters:

  • Dr. Georg Lukas - rt-solutions.de GmbH
    Georg Lukas obtained his Ph.D. degree in 2012 in the context of wireless protocol design. Since then, he has been working as an IT security consultant at rt-solutions.de GmbH, based in Cologne.
