Deploying Secure Applications with TLS (closed)

Presented at DeepSec 2016 „Ten“, Unknown date/time (Unknown duration)

Transport Layer Security (TLS) is the most important cryptographic protocol on the Internet. It is responsible for securing connections between browsers and web servers, or between web service peers. However, recent TLS history is full of new attacks, which makes it difficult to deploy applications securely. In this training, we give an overview of the most important TLS attacks, and show how to detect these attacks with different tools. Afterwards, we present best practices to establish secure TLS connections.

Contents:

  • Short intro into crypto
  • Internet protocol suite
  • TLS protocol
  • Certificates
  • TLS attacks
  • TLS implementations
  • Secure TLS configuration
  • Security evaluation with specific tools

Training attendees:

The training is dedicated to server administrators as well as penetration testers. There are no specific prerequisites for this course. However, basic knowledge of server administration or basic crypto knowledge would be an advantage.

Requirements:

A laptop with a recent version of VirtualBox

Presenters:

  • Juraj Somorovsky - Hackmanit GmbH / Ruhr University Bochum
    Dr. Juraj Somorovsky is a security researcher at the Ruhr University Bochum, and co-founder of Hackmanit GmbH. He is a co-author of several TLS attacks (e.g., DROWN), and the main developer of a flexible tool for TLS analyses: TLS-Attacker (https://github.com/RUB-NDS/TLS-Attacker). He has presented his work at many scientific and industry conferences, including Usenix Security, Blackhat, Deepsec and OWASP Europe.
