AppSec California 2015

HTTPS/SSL/TLS has been under fire for years. BEAST, CRIME, problems with the weakness of the CA system, problems with various versions of the protocol - and more - have plagued HTTPS to be less than satisfactory, at best, as a transport security protocol. Some of the most popular algorithms used to secure communications are getting close to their end of life. Proper protection of information in the upcoming years will require adoption of new technology and standards.

Recent enhancements in browsers have made encryption in transit over the web viable for the first time in history and it’s imperative that everyone understand them. This presentation will start by reviewing some of the most recent cases related to security protocols flaws and weaknesses of cryptografic standards that should be proactively phased out. This pragmatic presentation will then discuss possible mitigations and their limitations, along with valuable implementation advice.