TLS in the enterprise

In our training we will cover attacks against TLS/SSL in theory and in practice, discuss their relevance for the enterprise, and talk about reasonable mitigating controls.

The training will demystify TLS/SSL security, because today it seems hard to run a secure TLS configuration without breaking functionality. After a basic introduction to history and cryptology, we will dig into certificate problems and crypto attacks, work with the most important tools, and walk through the common SSL vulnerabilities. We will explain each vulnerability, do a demo or hands-on exercise if possible, discuss relevance and pitfalls within the enterprise context, and give recommendations for mitigating controls (e.g. example configs for Apache, Nginx, IIS, Tomcat, JBoss).

Don’t forget to bring a laptop with administrative privileges: this is a hands-on training, and you will have to install tools if you would like to participate in the exercises.

Prerequisites

  • Basic knowledge of networking and protocols (TCP, UDP, HTTP, SMTP)

  • Working with Linux/*nix on the command line

  • Basics of configuring web, mail and application servers

Requirements

  • Laptop with administrative privileges

  • VirtualBox or VMware Player installed

  • SSH client

About the Speakers