Hands-on workshop – Hansel & Gretel do TLS
Effective encryption is a vital component of a safe and secure internet. Many sites and mobile apps still don’t use TLS to encrypt their traffic, often citing fear of its complexity or a belief that they don’t need it; others make a mess of it, resulting in a literal false sense of security. Apple’s ATS standards for iOS apps, browser policy changes, attacks on TLS, and the rapid rise of HTTP/2 make effective TLS adoption especially important.
Numerous high-visibility vulnerabilities of recent years have emphasised the importance of getting encryption right, but much of the discussion of TLS is fragmented and confusing, meaning that many developers and sysadmins don’t have a sufficient grounding in how to make effective use of it. The basics of TLS encryption are quite straightforward, but the practical realities run into a forest of acronyms and terminology that can be bewildering.
This hands-on workshop gives you a breadcrumb trail through the backwoods of TLS, OCSP, ECDHE, HTTP/2, HSTS, CT and more. You’ll get an overview of what problems TLS solves, how it works, its component pieces, how they fit together, where vulnerabilities and mitigations apply, and what tools and resources can help you get up to speed. As we go through all this, we will cover getting a free certificate, configuring a site (either yours or a sample site using nginx), and using testing tools to check your configuration.
Session topics: #IT Security Summit
Target audience: The workshop is intended for beginners
- laptop with an SSH-capable terminal application (such as PuTTY or iTerm2)