T2W4-Myths about the HTTPS Lock - Building & Breaking PKI masterclass presented at BSidesUK 2015

by Yousif Hussin,

Summary : We've been taught that if we see that secure-lock icon while web-browsing then our connection is secure. Is that really true? This masterclass will go through the dirty details of HTTPS operations. Successful attacks on CAs PKI systems and recommendations for secure use of Digital Certificates will be discussed. Open-source cryptography APIs and open-source enterprise class implementation of a PKI system will be demonstrated while discussing the complexity of implementing such a system. My own experience with large-scale PKI systems will be shared and discussed as well