HTTPS is better than ever before. Now it’s your turn (presented at OWASPAppSecEu 2015)

by Jim Manico

Summary: HTTPS/SSL/TLS has been under fire for years. BEAST, CRIME, POODLE, problems with the inherent weaknesses of the CA system, problems with various versions of the protocol – and more – have plagued HTTPS, leaving it less than satisfactory, at best, as a transport security protocol. However, there is hope. Recent enhancements in browsers have made encryption in transit over the web rigorous and “secure” for the first time in history. This talk will review the HTTPS protocol and describe how it works. Historical attacks and other legacy issues with HTTPS will be discussed. Most important, we will talk about what can be done today to ensure that your users have the most secure HTTPS experience possible, including certificate stapling, ephemeral cipher suites, browser and mobile based certificate pinning, and more. Various guidelines will be provided based on which browsers you need to support. 2015 is the year of GOOD HTTPS STANDARDS; now it’s your turn to enhance the HTTPS posture of your websites!