Explore modern HTTPS and TLS security practices in this comprehensive conference talk from AppSecUSA 2016. Dive into the challenges of implementing strong security for Internet-facing services, covering protocol-level vulnerabilities like FREAK, BEAST, CRIME, POODLE, and LOGJAM. Learn about the tradeoffs between modern network security requirements and legacy client interoperability. Discover how to apply these concepts to Apache and Nginx servers, mobile app web services, and non-browser infrastructure. Gain insights into Curve25519, ChaCha/Poly1305, LibSodium, BoringSSL, and LibreSSL. Understand the fundamentals of certificates, including ECDSA vs RSA, key sizes, ephemeral Diffie-Hellman, and validation types. Explore best practices such as certificate transparency, pinning, and strict transport security. Get updates on the OpenSSL 1.1 audit and access curated configuration guides for HTTPS and TLS implementation.
HTTPS and TLS Security Practices - Front Line Insights 2016
Overview
Syllabus
HTTPS & TLS in 2016: Security practices from the front lines - AppSecUSA 2016
Taught by
OWASP Foundation
Related Courses
-
SSL, TLS and HTTPS Overview
-
Everything Related to Transport Layer Security - TLS
-
Transport Layer Security - TLS 1.2 and 1.3 Explained by Example
-
HTTPS Everywhere: Improving Web Security and Usability
-
On the Practical - In-Security of 64-bit Block Ciphers - Collision Attacks on HTTP over TLS and OpenVPN
-
Unlocking the Secrets of TLS - Establishing Secure Internet Connections
