Secure Socket Layer

Audience

This course is aimed at analysts, developers, and engineers. Web security will be described in a language-independent way, but Java examples will be used to illustrate concepts in practice.

Prerequisites

A basic background in programming with a mainstream programming language will be helpful but is not necessary.

Duration

1 day.

Course Objectives

This course will introduce modern web security, with a focus on HTTPS and the Secure Socket Layer (SSL) standard. In the age of the modern web application, security has to be taken very seriously. Applications written without an eye for security, for example by storing information in cookies and sending it over plain-text HTTP, can leak sensitive user information and cause enormous business risk.

This is a deep, one-day introduction intended to take IT managers and analysts from a basic understanding of cryptography to a complete understanding of security in the modern web stack. The instructor has over a decade of experience working with web application design and development. We will use examples from real life to illustrate the instruction.

At the end of this course, attendees will:

  • Understand the need for web security, and the different techniques available to secure web applications
  • Learn the basics of modern cryptography, including encryption algorithms, public key infrastructure, hashing, and the underlying theory from discrete mathematics
  • Gain knowledge of protocol-level security mechanisms, attack vectors, and best practices, with a focus on HTTPS and SSL

Course Content

Introduction to Cryptography

  • What is Cryptography
  • Underlying Theory: Discrete Math
  • Use Cases and Benefits
  • History of Cryptography Algorithms
  • Illustration of weak encryption with basic ciphers
  • Illustration of encrypting messages with PGP
  • Context in Web Security

Public Key Encryption

  • Symmetric Key Algorithms
  • Asymmetric Key Algorithms
  • Block vs. Stream Ciphers
  • Evaluating strength of an algorithm
  • Need for Public Key Infrastructure
  • The concept of a Certificate Authority
  • Alternative: Web of Trust
  • Modern Certificate Authorities

Encryption Algorithms

  • ROT13, for illustration
  • DES / AES
  • MD5
  • SHA-1 / SHA-256
  • HMAC-*
  • DSA / RSA
  • Java code example for RSA

SSL / TLS

  • SSL 3.0
  • TLS 1.0 / 1.1
  • TLS 1.2
  • Stepping through a TLS Handshake
  • Error Conditions
  • Code illustrating SSL/TLS in practice
  • Modern usability problems surrounding web security
