03.WebApp103.pdf
Web Application Hacking/Security 103
W. Owen Redwood, Ph.D.
Offensive Computer Security 2.0
http://hackallthethings.com/
Outline
● SSL / TLS and the Certificate Authority infrastructure
  ○ the basics
  ○ the history, the story
  ○ the flaws
  ○ important CA attacks
  ○ lessons learned (ignored)
● SSL / TLS attacks
  ○ sslstrip
  ○ sslsniff
  ○ crypto attacks
    ■ BEAST (Browser Exploit Against SSL/TLS)
    ■ CRIME
What is SSL?
Secure Sockets Layer, developed by Netscape
● predecessor to TLS
● a cryptographic protocol that provides secure communication over the internet
● Encryption @ the application layer
  ○ asymmetric cryptography for key exchange
  ○ symmetric encryption for confidentiality
  ○ message authentication codes for message integrity
What is TLS?
Transport Layer Security, RFC 5246
● successor to SSL
  ○ but is derived from an early version of SSL!
● a cryptographic protocol that provides secure communication over the internet
● Encryption @ the application layer
  ○ asymmetric cryptography for key exchange
  ○ symmetric encryption for confidentiality
  ○ message authentication codes for message integrity
(At a high level SSL and TLS are about the same)
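The three building blocks the slides list, composed into one toy session as an added example (not from the slides or the course): an ephemeral Diffie-Hellman exchange, HMAC-SHA256 key derivation, and a record protected by a symmetric keystream plus an encrypt-then-MAC tag. The tiny Mersenne-prime group, the HMAC-based keystream standing in for a real cipher, and the simplified record layout are assumptions for illustration; real TLS uses much larger groups or elliptic curves, a block or AEAD cipher, and (before RFC 7366) MAC-then-encrypt.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (Mersenne prime 2**127 - 1, generator 3), constructed for this example only.
P, G = 2**127 - 1, 3

def dh_keypair():
    # Asymmetric step: a private exponent plus the public value sent in the handshake.
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def derive_keys(shared, client_random, server_random):
    # PRF-style expansion of the shared secret into separate encryption and MAC keys.
    master = hmac.new(shared.to_bytes(16, "big"), client_random + server_random, hashlib.sha256).digest()
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def _xor_stream(enc_key, seq, data):
    # Stand-in for the symmetric cipher: HMAC-SHA256 in counter mode, bound to the record sequence number.
    out, blk = bytearray(), 0
    while len(out) < len(data):
        out += hmac.new(enc_key, seq.to_bytes(8, "big") + blk.to_bytes(4, "big"), hashlib.sha256).digest()
        blk += 1
    return bytes(a ^ b for a, b in zip(data, out))

def protect(plaintext, seq, enc_key, mac_key):
    # Confidentiality then integrity: encrypt, then MAC over (seq || ciphertext), RFC 7366 style.
    ct = _xor_stream(enc_key, seq, plaintext)
    return ct + hmac.new(mac_key, seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()

def mac_valid(record, seq, mac_key):
    # Constant-time check of the trailing 32-byte tag; a modified byte or a wrong sequence number fails here.
    expected = hmac.new(mac_key, seq.to_bytes(8, "big") + record[:-32], hashlib.sha256).digest()
    return hmac.compare_digest(record[-32:], expected)

def unprotect(record, seq, enc_key, mac_key):
    if not mac_valid(record, seq, mac_key):
        raise ValueError("bad record MAC")
    return _xor_stream(enc_key, seq, record[:-32])

def session_demo(message=b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"):
    # Full toy session: handshake, key derivation, one protected record, one tampered copy of it.
    (c_priv, c_pub), (s_priv, s_pub) = dh_keypair(), dh_keypair()
    c_rand, s_rand = secrets.token_bytes(32), secrets.token_bytes(32)
    c_keys = derive_keys(pow(s_pub, c_priv, P), c_rand, s_rand)  # client: peer public ^ own private
    s_keys = derive_keys(pow(c_pub, s_priv, P), c_rand, s_rand)  # server: same value, other way round
    record = protect(message, 0, *c_keys)
    tampered = bytes([record[0] ^ 1]) + record[1:]
    return c_keys == s_keys, unprotect(record, 0, *s_keys), mac_valid(tampered, 0, s_keys[1])
```

session_demo() returns whether both sides derived identical keys, the plaintext the server recovers, and whether the tampered record still passes the MAC check; the last value is what the integrity layer is for.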
SSL / TLS uses
● web browsing (HTTPS)
● email
● internet faxing (still exists???)
● instant messaging
● VOIP
● etc...