HTTPS Best Practices presented at ISSA 2015

by Jim Manico

Summary: HTTPS/SSL/TLS has been under fire for years. FREAK, POODLE, BEAST, CRIME, weaknesses in the CA system, problems with various versions of the protocol, and more have left HTTPS less than satisfactory, at best, as a transport security protocol. However, there is hope. Recent enhancements in browsers have made encryption in transit over the web viable for the first time in history. This talk will review the HTTPS protocol and describe how it works. Historical attacks and other legacy issues with HTTPS will be discussed. Most importantly, we will talk about what can be done today to ensure that your users will have the most secure HTTPS experience possible.