SSL++: Tales of Transport-Layer Security at Twitter

Presented at HOPE X (2014), July 18, 2014, 8 p.m. (60 minutes)

You've enabled HTTPS on your site. Now what? How do you protect against sslstrip attacks, CA compromise, and the dangers of mixed content? @jimio will share some approaches they've taken @twitter: Strict-Transport-Security, "secure SEO" with canonical link elements, Content Security Policy, and certificate pinning. There will be code, exploits, and open source! There will be a few fun stories to share as well, and since this is an SSL talk, you KNOW there's gonna be Heartbleed.


Presenters:

  • Jim O'Leary as @jimio
    @jimio works on Twitter's product-security team; he delights in short biographies.
