SSL/TLS Security Lab

Learning objectives

The participants will gain a deeper understanding of the various versions of the SSL and TLS protocols. The historic development of the protocols will be explained together with their associated strengths and weaknesses. By using the current specification of TLS Version 1.3, we will look into the future in order to recognize trends and further developments. The various known attacks on SSL and TLS will be explained with reference to theoretical principles and practical exercises. Alongside the attacks, measures to protect one’s own infrastructure will be introduced.

The exercises will be done on www.hacking-lab.com. Following the course, the lab environment remains available to the participants for a further 30 days.

Demarcation: The course focuses on SSL/TLS and the known attacks associated with them. The fundamentals of RSA, AES, Diffie-Hellman and block cipher modes of operation are not covered in the course.

Highlights

  • Introduction to the various protocols
    • SSL v3
    • TLS 1.0
    • TLS 1.1
    • TLS 1.2
    • TLS 1.3 and relevant innovations
  • Known attacks on SSL/TLS
    • “Padding Oracle” attacks
    • BEAST
    • Compression attacks
    • Side channel attacks
    • Heartbleed
  • Datagram Transport Layer Security (DTLS)
  • Secure configuration of an Apache HTTP Server (HPKP, HSTS)
  • Inspection proxies
  • Public Key Infrastructure

Target group

  • Security Officers
  • Technology Officers
  • Operators of Infrastructures
  • Developers of E-Business Applications

Prerequisite

  • Familiarity with the Linux command line
  • Basic knowledge of cryptography
  • TCP/UDP network technology
