From the author of the much-acclaimed "Bulletproof SSL and TLS", this practical course will teach you how to deploy secure servers and encrypted web applications during a day packed with theory and practical work.
We’ll focus on what you need in your daily work to deliver the best security, availability and performance. And you will learn how to get an A+ on SSL Labs!
Key Learning Objectives:
● Understand threats and attacks against encryption
● Identify real risks that apply to your systems
● Deploy servers with strong private keys and valid certificates
● Deploy TLS configurations with strong encryption and forward secrecy
● Understand higher-level attacks against web applications
● Use the latest defence technologies, such as HSTS, CSP, and HPKP
a. The need for network encryption
b. Understanding encrypted communication
c. The role of public key infrastructure (PKI)
d. SSL/TLS and Internet PKI threat model
2. Keys and certificates
a. RSA and ECDSA: selecting the right key algorithm
b. Certificate hostnames and lifetime
c. Practical work:
i. Private key generation
ii. Certificate Signing Request (CSR) generation
iii. Self-signed certificates
iv. Obtaining valid certificates from Let’s Encrypt
d. Understanding revocation
3. Protocols and cipher suites
a. Protocol security
b. Key exchange strength
c. Forward security
d. Cipher suite configuration
e. Practical work
i. Secure web server configuration
ii. Server testing using SSL Labs
f. Sidebar: Server Name Indication (SNI)
4. Performance considerations
5. HTTPS topics
a. Mixed content
b. Cookie security
c. CRIME: Information leakage via compression
d. Content Security Policy
e. HTTP Strict Transport Security
f. HTTP Public Key Pinning
6. Putting it all together: Getting A+ in SSL Labs
7. Parting thoughts
a. Troubleshooting tips and tricks
i. Command-line tools: OpenSSL and testssl.sh
b. Migration to HTTPS in large environments
c. What’s coming in TLS 1.3
Ivan Ristic is a security researcher, engineer, and author, known especially for his contributions to the web application firewall field and development of ModSecurity, an open source web application firewall, and for his SSL/TLS and PKI research, tools and guides published on the SSL Labs web site.
In August 2015, Skills Matter opened the doors to CodeNode, our new 23,000 sqft Tech Events and Community venue. CodeNode provides fantastic meetup, conference, training and collaboration spaces with unrivalled technology capabilities for our tech, digital and developer communities - a long-held dream coming true!
With fantastic transport links and located in the heart of London's Tech City, we could not think of a better location for our 60,000-strong engineering community!
With seven event rooms, including a 300-seater lecture room, thousands more community members will be able to visit CodeNode to learn and share skills, code and collaborate on projects.
CodeNode features a 5,000 sqft break-out space, complete with fully-licensed bar, plenty of power sockets, meeting and collaboration spaces and entertainment areas.
CodeNode will also see the opening of a permanent Hack Space, stacked with microprocessors and the latest tools and devices to play with. A community film studio will be opening too, which you can use to record any tutorials or demos you may want to share with our community.