TLS in the Enterprise

Online Training date: November 03-04, 2021.

Abstract

In our our training we will cover attacks against TLS/SSL in theory and in practice, discuss their relevance for the enterprise and talk about reasonable mitigating controls.

Description

The training will demystify TLS/SSL Security because today it seems to be hard to run a secure TLS configuration without breaking functionality. So after some basic introduction about history and cryptology we will dig into the protocol and its different versions, certificate problems, crypto attacks, work with most important tools and walk through the common SSL vulnerabilities. We will explain vulnerabilities, do a demo or hands-on if possible, discuss relevance and pitfalls within the enterprise context and give recommendations for mitigating controls (e.g. example configs for Apache, Nginx, IIS, Tomcat, Jboss).

Its best to bring a laptop where you have administrative privileges, this is a hands-on training and you should be able to install tools, if you would like to participate in the exercises. We do however have workarounds if you absolutely cannot install anything on your machine.

About the Speakers