HTTPS and SSL/TLS have been under fire for years. In this session, we explore the impact of several attacks. We also discuss several new browser defenses to mitigate these attacks.
Abstract: HTTPS/SSL/TLS has been under fire for years. FREAK, POODLE, BEAST, and CRIME represent practical cryptographic attacks. Add to that an inherently weak CA system, and you end up with a large number of insecure HTTPS deployments.
However, recent browser-based defenses significantly improve the security properties of HTTPS. This session dives deep into the security properties of the HTTPS protocol. We explore problems with legacy features and their impact. Most importantly, we will talk about new defenses to improve your HTTPS deployment. You will walk away with a set of best practices to offer your users the most secure HTTPS experience possible.
This session is intended for anyone working on network-based applications.