Topic: HTTPS/SSL/TLS has been under fire for years. BEAST, CRIME, weaknesses in the CA system, problems with various versions of the protocol, and more have left HTTPS less than satisfactory, at best, as a transport security protocol. However, there is hope. Recent enhancements in browsers have made encryption in transit over the web viable for the first time in history. This talk will review the HTTPS protocol and describe how it works. Historical attacks and other legacy issues with HTTPS will be discussed. Most importantly, we will talk about what can be done today to ensure that your users have the most secure HTTPS experience possible.
Speakers: Jim Manico & Cassio Goldschmidt
Jim Manico is an author and educator of developer security awareness training and has a 17-year history of building software as a developer and architect. He is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. Jim is also a Global Board Member for the OWASP Foundation, where he helps drive the strategic vision for the organization. He manages and participates in several OWASP projects, including the OWASP Cheat Sheet Series and several secure coding projects. Jim has recently finished working on a book with Oracle Press on Java web security called "Iron-Clad Java". For more information, see http://www.linkedin.com/in/jmanico
Cassio Goldschmidt is Principal Information Security Leader at Digital Insight and a globally recognized application security practitioner. Cassio is also known for his contributions to the Open Web Application Security Project (OWASP), the Software Assurance Forum for Excellence in Code (SAFECode), and the Common Weakness Enumeration (CWE)/SysAdmin, Audit, Network, Security (SANS) Top 25 Most Dangerous Software Errors, along with contributing to the security education curriculum of numerous universities and industry certifications. Cassio was one of the three finalists in the (ISC)² Americas Information Security Leadership (ISLA) Awards 2011 in the Information Security Practitioner category and received the special Community Service Star award on the same occasion. In 2012, Cassio was one of the finalists in the Web Application Security Person of the Year (WASPY) awards. He authored a chapter in the book “Information Assurance and Security Ethics in Complex Systems: Interdisciplinary Perspectives”, holds a number of US patents, and is a regular speaker at conferences worldwide.
Cassio holds a bachelor's degree in computer science from Pontificia Universidade Catolica do Rio Grande Do Sul, a master's degree in software engineering from Santa Clara University, and a master of business administration from the University of Southern California.