YoVDO

HVLearn - Automated Black-Box Analysis of Hostname Verification in SSL/TLS Implementations

Offered By: IEEE via YouTube

Tags

Black Box Testing Courses, Cybersecurity Courses, Software Testing Courses, Regular Languages Courses

Course Description

Overview

Explore an automated black-box analysis technique for hostname verification in SSL/TLS implementations through this IEEE conference talk. Dive into the HVLearn framework, which utilizes automata learning algorithms to test and analyze various SSL/TLS libraries and applications. Understand the importance of hostname verification in certificate validation, the challenges involved in testing complex implementations, and how HVLearn leverages certificate templates and Deterministic Finite Automaton (DFA) models to identify discrepancies and potential vulnerabilities. Learn about the framework's effectiveness in achieving higher code coverage compared to existing fuzzing techniques and discover the critical violations of RFC specifications uncovered during testing. Gain insights into topics such as POS host notification, Subject Alternative Name, terminal learning, testing paths and certificates, model comparison, and international domain name handling in SSL/TLS implementations.

Syllabus

Introduction
Background
POS Host Notification
Subject Alternative Name
Testing Approach
Terminal Learning
Testing Paths
Testing Certificate
How to Inspect
Model Comparison
Evaluation
Comparison
Resolution
RFC violation
International domain name
Case sensitive vs insensitive matching


Taught by

IEEE Symposium on Security and Privacy
