Cryptography is all around us. It has become something like the background radiation of the networked world. We use it on a daily basis. Since nothing usually comes into existence by mistake, there must be someone responsible for deploying this crypto stuff. You are right. Software developers, mathematicians, engineers, system administrators, and many more people are involved to make encryption happen. The hard part is to get it right. The mathematics involved is hard. A lot can go wrong. This is why we have a workshop for you at DeepSec 2016!
If you answer one of these question with “yes”, you should consider to take part in the Deploying Secure Applications with TLS training. This training will not only introduce you to a few commands to handle specific attacks. It gives an introduction to the TLS protocol itself and presents different methods how to properly analyse TLS traffic. This training explains basic concepts behind well-known attacks like BEAST, CRIME or DROWN, and shows why is it necessary to mitigate these attacks. Specific tools to test configurations of your TLS server will also be presented.
The topics of this training include:
- Short intro to cryptography
- Internet protocol suite
- TLS protocol
- TLS attacks
- TLS implementations
- Securing TLS configuration
- Security evaluation with specific tools
We highly recommend this training for you. Most modern technologies have cryptography included. In turn this means that you absolutely have to deal with the challenges of TLS and beyond. It is not necessary to become a full fledged mathematician. However you have to know what you are doing. DeepSec is well-known for its in-depth trainings, and this is a prime example. Don’t miss the opportunity!
Dr. Juraj Somorovsky is a security researcher at Ruhr University Bochum, and co-founder of Hackmanit GmbH. He is a co-author of several TLS attacks (e.g., DROWN), and the main developer of a flexible tool for TLS analyses: TLS-Attacker.
He presented his work at many scientific and industry conferences, including Usenix Security, Black Hat, DeepSec, and OWASP Europe.