TLS in the Enterprise
Online Training date: November 03-04, 2021.
In our our training we will cover attacks against TLS/SSL in theory and in practice, discuss their relevance for the enterprise and talk about reasonable mitigating controls.
The training will demystify TLS/SSL Security because today it seems to be hard to run a secure TLS configuration without breaking functionality. So after some basic introduction about history and cryptology we will dig into the protocol and its different versions, certificate problems, crypto attacks, work with most important tools and walk through the common SSL vulnerabilities. We will explain vulnerabilities, do a demo or hands-on if possible, discuss relevance and pitfalls within the enterprise context and give recommendations for mitigating controls (e.g. example configs for Apache, Nginx, IIS, Tomcat, Jboss).
Its best to bring a laptop where you have administrative privileges, this is a hands-on training and you should be able to install tools, if you would like to participate in the exercises. We do however have workarounds if you absolutely cannot install anything on your machine.