HTTPS and TLS Security Practices - Front Line Insights 2016

Explore modern HTTPS and TLS security practices in this comprehensive conference talk from AppSecUSA 2016. Dive into the challenges of implementing strong security for Internet-facing services, covering protocol-level vulnerabilities like FREAK, BEAST, CRIME, POODLE, and LOGJAM. Learn about the tradeoffs between modern network security requirements and legacy client interoperability. Discover how to apply these concepts to Apache and Nginx servers, mobile app web services, and non-browser infrastructure. Gain insights into Curve25519, ChaCha/Poly1305, LibSodium, BoringSSL, and LibreSSL. Understand the fundamentals of certificates, including ECDSA vs RSA, key sizes, ephemeral Diffie-Hellman, and validation types. Explore best practices such as certificate transparency, pinning, and strict transport security. Get updates on the OpenSSL 1.1 audit and access curated configuration guides for HTTPS and TLS implementation.

HTTPS & TLS in 2016: Security practices from the front lines - AppSecUSA 2016