SSL/TLS Security Lab

Learning objectives

The participants will gain a deeper understanding of the various versions of the SSL and TLS protocols. The historic development of the protocols will be explained together with their associated strengths and weaknesses. By using the current specification of TLS Version 1.3, we will look into the future in order to recognize trends and further developments. The various known attacks on SSL and TLS will be explained with reference to theoretical principles and practical exercises. Alongside the attacks, measures to protect one’s own infrastructure will be introduced.

The exercises will be done on www.hacking-lab.com. Following the course, the lab environment remains available to the participants for a further 30 days.

Demarcation: The course focuses on SSL/TLS and the known attacks associated with them. The fundamentals of RSA, AES, Diffie-Hellman and block cipher modes of operation are not covered in the course.

Highlights

  • Introduction to the various protocols
    • SSL v3
    • TLS 1.0
    • TLS 1.1
    • TLS 1.2
    • TLS 1.3 and relevant innovations
  • Known attacks on SSL/TLS
    • “Padding Oracle” attacks
    • BEAST
    • Compression attacks
    • Side channel attacks
    • Heartbleed
  • Datagram Transport Layer Security (DTLS)
  • Secure configuration of an Apache HTTP Server (HPKP, HSTS)
  • Inspection proxies
  • Public Key Infrastructure

Target group

  • Security Officers
  • Technology Officers
  • Operators of Infrastructures
  • Developers of E-Business Applications

Prerequisite

  • Familiarity with the Linux command line
  • Basic knowledge of cryptography
  • TCP/UDP network technology
