TLS in the Enterprise

This is a two-day training. It takes place online on March 23 to 24, 2021.

In our training we will cover attacks against TLS/SSL in theory and in practice, discuss their relevance for the enterprise, and talk about reasonable mitigating controls.

The training will demystify TLS/SSL security, because today it seems hard to run a secure TLS configuration without breaking functionality. After a basic introduction to history and cryptology, we will dig into certificate problems and crypto attacks, work with the most important tools, and walk through the common SSL vulnerabilities. We will explain each vulnerability, do a demo or hands-on exercise if possible, discuss relevance and pitfalls within the enterprise context, and give recommendations for mitigating controls (e.g. example configs for Apache, Nginx, IIS, Tomcat, JBoss).

Don’t forget to bring a laptop with administrative privileges: this is a hands-on training, and you will have to install tools if you would like to participate in the exercises.

Prerequisites

  • Basic knowledge about networking and protocols (TCP, UDP, HTTP, SMTP)

  • Some experience in working with the command line over SSH

  • Basics about configuration of web, mail and application servers

Requirements

  • Laptop with

      • SSH client

      • Wireshark (portable version suffices, drivers to capture traffic not required)

About the Speakers