When Doing the Right Thing Goes Wrong - Impact of Certificates on Service Based Infrastructure
via YouTube
Overview
Explore the impact of certificates on service-based infrastructure in this 43-minute conference talk from BSides San Francisco 2015. Delve into the world of certificates, certificate authorities, and trust chains, understanding their crucial role in web security. Learn about implicit trust, the concept of "The Man in the Middle," and the potential risks associated with strict certificate checking. Examine real-world scenarios, including corporate outages and the pros and cons of internal certificate authorities. Gain insights into identifying risk areas, utilizing essential tools, and conducting effective code reviews to enhance your organization's security posture.
Syllabus
Intro
About Rob
About me
Agenda
What are Certificates
Certificate Authorities
Revocation Lists
Trust Chain
Implicit Trust
Certificate Authority
Demo
Web Browser
Example Perspective
Who is the Certificate Authority
The Man in the Middle
Let's Demo This
Strict Certificate Checking
How Much Information Leaks
Break Trust
Corporate Outages
Internal CA Pros and Cons
Identify Risk Areas
Tools
Code Reviews
Summary