Proactively defending your business against security protocol attacks and implementation flaws presented at AppSecCalifornia 2015

by Jim Manico, Cassio Goldschmidt

Summary: HTTPS/SSL/TLS has been under fire for years. BEAST, CRIME, weaknesses in the CA system, problems with various versions of the protocol, and more have left HTTPS less than satisfactory, at best, as a transport security protocol. Some of the most popular algorithms used to secure communications are getting close to their end of life. Proper protection of information in the upcoming years will require adoption of new technology and standards.
Recent enhancements in browsers have made encryption in transit over the web viable for the first time in history, and it’s imperative that everyone understand them. This presentation will start by reviewing some of the most recent cases related to security protocol flaws and weaknesses of cryptographic standards that should be proactively phased out. This pragmatic presentation will then discuss possible mitigations and their limitations, along with valuable implementation advice.