1 DAY CONFERENCE

Internet PKI in Depth

Wednesday, 12th April at CodeNode, London

Scott Helme will be speaking. Starts at 9:00 AM.

Spend a full day to understand both the theory and practice of Internet PKI. Based on the book Bulletproof SSL and TLS. We’ll start with the basics and the theory, then discuss how the PKI is implemented in the real world, and finish with a practical example of a realistic private certification authority. The course is taught in small classes.

Why This Course is for You

  • Learn about key PKI standards and formats
  • Understand where practice differs from theory
  • Analyze certificate lifecycle in detail
  • Evaluate PKI weaknesses and how they affect you
  • Deploy robust protection using public key pinning
  • Learn about what's coming in the future
  • Practise what you've learned

By the end of the day you will have built a fully-functioning private CA—with multiple intermediate CAs and revocation—using a method that you can easily replicate.

Target Audience

This course is for system administrators, developers, and IT security professionals who wish to learn the theory and practice of Internet PKI.

  • Level: Intermediate
  • Duration: 1 day
  • Extras: Lunch and refreshments included

About a month prior to the course we'll send you a digital copy of Bulletproof SSL and TLS, our comprehensive guide to SSL/TLS and Internet PKI. You'll get the paper copy on the day. We'll also give you a bunch of exercises and a hardcopy of the slides.

Prerequisites

  • Basic Linux command line skills: moving about, invoking commands, editing configuration files
  • A laptop with a modern browser (Chrome or Firefox) and an SSH client, which you will only need to connect to your assigned virtual server.
  • You should be comfortable using a command-line editor.

We'll provide you with your own virtual server and a sample web application to work on throughout the course.

Course Outline

  1. Introduction
  2. Standards

    1. X.509 certificates
    2. Certificate chains
    3. Name constraints
    4. Trust path building
    5. Validation process

  3. Internet PKI

    1. Certification Authorities
    2. Relying parties
    3. Certificate types (DV, EV, OV)
    4. Certificate lifecycle (validation, issuance, and revocation)
    5. CA/B Forum and its standards
    6. Weaknesses
    7. History of attacks

  4. Revocation

    1. CRL
    2. OCSP
    3. OCSP stapling
    4. CRLsets and OneCRL
    5. Short-lived certificates

  5. Defenses

    1. Certification Authority Authorization (CAA)
    2. Public Key Pinning
      1. Static pinning
      2. HPKP
      3. DNSSEC/DANE

  6. Certificate Transparency

  7. PKI ecosystem monitoring

    1. SSL Pulse
    2. Censys
    3. crt.sh

  8. Project: Building and deploying a realistic private CA

We will also provide you with many additional exercises that you can work on in your own time. You'll be able to ask us for help via email. And if you're already familiar with the basics, we'll challenge you with some of the advanced exercises on the day.

Scott Helme

Scott Helme is a security researcher, consultant and international speaker. He can often be found talking about web security and performance online and helping organisations better deploy both.

CodeNode

CodeNode is the UK's largest venue dedicated to technology events and was designed to provide a space for Skills Matter's community of software professionals to come together and enjoy meetups, conferences, training and networking events. With fantastic transport links and located in the heart of London's Tech City, CodeNode welcomes thousands of engineers each year, who come together to learn and share skills and experience and to collaborate on projects.

CodeNode features six dedicated event and collaboration spaces and a large break-out area, complete with a fully-licensed bar, reliable wifi and plenty of power sockets.


CodeNode

10 South Place, London, EC2M 7EB, GB



To discuss sponsorship opportunities please contact the team:
