We offer web security trainings for primarily two target audiences: First, developers who want to learn about web application security, Single Sign-On, TLS, XML, and web service technologies. Second, penetration testers who want to get an in-depth knowledge about web security. Our discussed topics are both known, and also usually unknown attacks, along with their countermeasures. Furthermore, we go into detail regarding solutions to automate security tests.

TLS is what turns "http" into "https". If data is encrypted and transmitted across the Internet, in most cases TLS (the successor of SSL) is used. Whether web, email, phone calls, chat, or VPN -- there is hardly a type of communication which cannot be encrypted using TLS.

Especially because TLS can be found almost everywhere, it is worthwhile to fully understand it and to analyze its security. The training will address the following questions, among others:

  • Which cryptographic basics do I need to understand? How are they used in TLS?
  • Which TLS implementations are available?
  • How do I generate my own TLS certificates?
  • What are the known TLS attacks? How can I protect my systems?
  • How do I configure my servers in a secure way?
  • What does the future hold for TLS?

Training Contents:

  • Short introduction to cryptography
  • TLS Protocol Flow
  • TLS Extensions
  • Certificates and Validation of Certificates
  • Attacks – Short overview: including BEAST, CRIME, Heartbleed and more
  • TLS Implementations
  • Secure Server Configuration
    • Apache HTTP Server (mod_ssl)
    • Apache Tomcat
  • Review of Your Own Server Configuration with Common Tools

Requirements: This course is designed for system administrators and developers with basic knowledge of SSL/TLS. You will learn which attacks are applicable to TLS and how they affect your own server. Afterwards, you will learn how to securely configure your own server and how to check a secure configuration with common tools.

Example: 15 Slides
Flyer: TLS Security

Contact: Dr. Juraj Somorovsky