An analysis of TLS handshake proxying

The latest version of the TLS protocol, TLS 1.3, was just released in August 2018. TLS 1.3 is faster and more secure than TLS 1.2. In this webinar we cover what’s new in TLS 1.3 and how to use it with NGINX, plus other new features in NGINX Open Source and NGINX Plus. Join this webinar to learn: - What’s new in TLS 1.3 and why it's faster and more secure than TLS 1.2 - How to use TLS 1.3 with NGINX Plus and NGINX Open Source - About two-stage rate limiting, simplified OpenID Connect, and 2x faster NGINX and ModSecurity WAF performance - More with a live demo of TLS 1.3 in action https://www.nginx.com/resources/webinars/tls-1-3-new-features-nginx-plus-r17-nginx-open-source-emea/

TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA

NGINX is one of the most popular images on Docker Hub and has been at the forefront of the web since the early 2000's. In this talk we will discuss how and why NGINX's lightweight and powerful architecture makes it a very popular choice for securing containerized applications as a sidecar reverse proxy within containers. We will highlight important aspects of application security that NGINX can help with, such as TLS, HTTP, AuthN, AuthZ and traffic control.Additional Sponsor InformationDuring our session we will be Raffling off a swag pack to live attendees. We'll also be offering 30% off our swag store that can be shared via social. Details below:URL: swag-nginx.com Code: DOCKERCON30 Value: 30% off

DockerCon Live 2020 - Securing Your Containerized Application with NGINX

Kevin Jones

Heartache and Heartbleed - 31c3

Nick Sullivan

In today’s world, you may not know if the hardware you are running software on is secure or not. How can you ensure that, regardless of the hardware security, the software stays protected? CloudFlare’s systems engineer, Nick Sullivan shares advanced techniques on how to protect your server software. These techniques include anti-reverse engineering methods, secure key management and designing a system for renewal.

Running Secure Server Software on Insecure Hardware Without Parachute

Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2oA2uI5. Susheel Aroskar talks about Zuul Push, a scalable push notification service that handles millions of "always-on" persistent connections from all the Netflix apps running. He covers the design of the Zuul Push server and reviews the design details of the back-end message routing infrastructure that lets any Netflix microservice push notifications to any connected client. Filmed at qconnewyork.com. Susheel Aroskar works as a software engineer on the Cloud Gateway team at Netflix, which develops and operates Zuul, an API gateway that fronts all of the Netflix cloud traffic and handles more than 100 billion requests/day. Prior to Zuul, he worked on Netflix CDN's control plane in the cloud, which is responsible for steering more than a third of all North American peak evening internet traffic.

Scaling Push Messaging for Millions of Devices @Netflix

C4Media

On-demand recording: https://nginx.webex.com/nginx/lsr.php?RCID=82f9c75402528464d3625813e313f8a4 The new NGINX Microservices Reference Architecture (MRA) goes into depth on the entire architecture. Join this webinar to explore all three models in the MRA: the Proxy Model, the Router Mesh Model, and the Fabric Model. The Proxy Model gives you a leg up into microservices, including support for API gateways. The Router Mesh Model adds power, with a second server exclusively for microservices support. And the Fabric Model pairs an NGINX Plus instance with every microservice instance for secure SSL/TLS communications between service instances. Check out this webinar to learn about building a secure and scalable microservices app: * When to take the leap into deploying microservices * Why you should consider adopting the MRA for your app * How to choose a model that works for your app * How to start the process of converting a monolith to microservices

The 3 Models in the NGINX Microservices Reference Architecture

Botconf ppt

On demand version can be accessed at https://www.nginx.com/resources/webinars/mra-ama-part-7-circuit-breaker-pattern/ The circuit breaker pattern is an emerging standard for use in app development and deployment, particularly with microservices apps. Popular architectures such as Istio and linkerd use the circuit breaker pattern for resiliency. This pattern is an important component in what can become fully resilient, “self-healing” application architectures. In this webinar, we describe the use of the circuit breaker pattern with NGINX Plus, which has specific features that support the use of this pattern, and in the NGINX Microservices Reference Architecture. Attendees of the live webinar will have the opportunity to ask questions.

MRA AMA Part 7: The Circuit Breaker Pattern

The latest version of the TLS protocol, TLS 1.3, was just released in August 2018. TLS 1.3 is faster and more secure than TLS 1.2. In this webinar, we cover what’s new in TLS 1.3 and how to use it with NGINX, plus other new features in NGINX Open Source and NGINX Plus. Join this webinar to learn: - What’s new in TLS 1.3 and why it's faster and more secure than TLS 1.2 - How to use TLS 1.3 with NGINX Plus and NGINX Open Source - About two-stage rate limiting, simplified OpenID Connect, and 2x faster NGINX and ModSecurity WAF performance - More with a live demo of TLS 1.3 in action Watch On-demand: https://www.nginx.com/resources/webinars/tls-1-3-new-features-nginx-plus-r17-nginx-open-source/

Serverless for the Cloud Native Era with Fission

NATS

DEFCON 28: 21 Jump Server: Going Bastionless in the Cloud

Colin Estep

TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source

On-demand webinar: nginx.com/resources/webinars/monitoring-highly-dynamic-distributed-services-nginx-amplify In this webinar, we describe the challenges of monitoring highly dynamic and distributed systems, and show how NGINX Amplify can help. Cloud services, containers, and microservices provide flexibility of deployment, but conventional monitoring tools can't always keep up with rapidly changing systems. NGINX Amplify helps you overcome challenges in collecting logs and metrics and acting on the results. Join us in this webinar to discover: - The specific characteristics of distributed systems, immutable infrastructure, and systems that use a microservices architecture. - Why NGINX and NGINX Plus are the go-to application delivery solutions with popular with users of container technologies such as Docker and cloud technologies such as AWS. - What special challenges you may find in monitoring and managing containerized, distributed, and microservices-based systems. - How NGINX Amplify overcomes monitoring and management challenges.

Bridges and Tunnels: A Drive Through OpenStack Networking

markmcclain

NATS vs HTTP

Apcera

GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...

wallyqs

Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify

Keeping communication between your visitors and your website secure and confidential has never been more important. Data can be vulnerable to theft as it’s transferred to and from your website. One simple solution to this security threat is to encrypt your traffic with SSL (Secure Sockets Layer). SSL encryption ensures the data transferred between your visitors and your site is safe from data theft, and having SSL enabled can also boost your Google search rankings. CloudFlare has made it simple and easy to add SSL to your site: you don’t have to purchase a separate certificate or install anything. In this webinar CloudFlare’s solution engineer Peter Griffin explains the key features of SSL, and walks you through the simple process of getting SSL running on your site.

Overview of SSL: choose the option that's right for you

Slides from "Managing Secrets at scale" at Velocity EU 2015 Secrets come in many shapes and sizes: database API keys, database passwords, private keys. Distributing and managing these secrets is usually an afterthought. It's hard to get right, and can be very expensive if you get it wrong. In this session, we'll look at the core operations and properties that make up a good secret management system, and how these principals can be implemented

Managing secrets at scale

Alex Schoof

RSK sidechain

Oscar Guindzberg

Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare

Data and information security is crucial and essential for most of the IT environments. As data is more often stored in the cloud securing it becomes a non trivial challenge. IBM Advanced Crypto Service Provider (ACSP) is a solution that enables remote access to the IBM’s cryptographic coprocessors. Such approach allows for utilization of strong hardware based cryptography as a service (“cryptography as a service”) in distributed environments where data security cannot be guaranteed. ACSP is a “network hardware security module (NetHSM)” that provides access to cryptographic resources via IBM Common Cryptographic Architecture (CCA) interface and the PKCS#11 standard. More at https://ibm.box.com/v/acsp-vault-ibm-forum-2015 Video recording from that presentation can be found at https://vimeo.com/smartcoders/acsp-vault-ibm-forum-2015

What's hot (20)

Sullivan white boxcrypto-baythreat-2013

TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA

DockerCon Live 2020 - Securing Your Containerized Application with NGINX

Heartache and Heartbleed - 31c3

Running Secure Server Software on Insecure Hardware Without Parachute

Scaling Push Messaging for Millions of Devices @Netflix

The 3 Models in the NGINX Microservices Reference Architecture

Botconf ppt

MRA AMA Part 7: The Circuit Breaker Pattern

Serverless for the Cloud Native Era with Fission

DEFCON 28: 21 Jump Server: Going Bastionless in the Cloud

TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source

Bridges and Tunnels: A Drive Through OpenStack Networking

NATS vs HTTP

GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...

Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify

Overview of SSL: choose the option that's right for you

Managing secrets at scale

RSK sidechain

Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare

Viewers also liked

Metric and Dashboard

Chen Huang

Secure Socket Layer

Naveen Kumar

Aplication and Transport layer- a practical approach

Sarah R. Dowlath

Advanced Crypto Service Provider – cryptography as a service

SSL TLS Protocol

SSL/TLS

SSL-image

They always taught us that the only thing that can be pulled out from a SSL/TLS session using strong authentication and latest Perferct Forward Secrecy ciphersuites is the public key of the certificate exchanged during the handshake - an insufficient condition to place a MiTM attack without to generate alarms on the validity of the TLS connection and certificate itself. Anyway, this is not always true. In certain circumstances it is possible to derive the private key of server regardless of the size of the used modulus. Even RSA keys of 4096 bits can be factored at the cost of a few CPU cycles and computational resources. All that needed is the generation of a faulty digital signature from server, an event that can be observed when occurring certain conditions such as CPU overheating, RAM errors or other hardware faults. Because of these premises, devices like firewall, switch, router and other embedded appliances are more exposed than traditional IT servers or clients. During the talk, the author will explain the theory behind the attack, how common the factors are that make it possible and his custom pratical implementation of the technique. At the end, a proof-of-concept, able to work both in passive mode (i.e. only by sniffing the network traffic) and in active mode (namely, by participating directly in the establishment of TLS handshakes), will be released. (Source: Black Hat USA 2016, Las Vegas)

Recover A RSA Private key from a TLS session with perfect forward secrecy

Priyanka Aash

TLS/SSL MAC security flaw

Nate Lawson

Unified log-meetup-20160420

Oli Deakin

3429 How to transform your messaging environment to a secure messaging envi...

Robert Parker

Kubernetes в Avito - Евгений Ольков

AvitoTech

Two years ago enabling your site with SSL was a simple affair, buy a certificate or create your own, install it, then just remember to renew it every couple of years. Then, suddenly security holes are being found in SSL virtually every month , popular browsers stop connecting to your site to protect themselves, and you’re continually being told your users data is at risk. In this session we will discuss how it all went wrong and can go wrong again, then go through each step of requesting, generating and deploying a 4096 SHA-2 certificate to use in a keyfile by Domino, IBM Connections, IBM Sametime and other WebSphere products. If you work with these IBM products and need to secure them with confidence this session will show you how!

1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)

Gabriella Davis

Automation and ansible

Boaventura Rodrigues Neto

An introduction to MQTT - Pub / Sub for the masses

Dominik Obermaier

Best Practice TLS for IBM Domino

Jared Roberts

SSL

theekuchi

CCNA RS_NB - Chapter 5

Irsandi Hasan

Docker ansible-make-chef-puppet-unnecessary-minnihan

jbminn

Wireshark

ashiesh0007

Viewers also liked (20)

Metric and Dashboard

Secure Socket Layer

Aplication and Transport layer- a practical approach

Advanced Crypto Service Provider – cryptography as a service

SSL TLS Protocol

SSL/TLS

SSL-image

Recover A RSA Private key from a TLS session with perfect forward secrecy

TLS/SSL MAC security flaw

Unified log-meetup-20160420

3429 How to transform your messaging environment to a secure messaging envi...

Kubernetes в Avito - Евгений Ольков

1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)

Automation and ansible

An introduction to MQTT - Pub / Sub for the masses

Best Practice TLS for IBM Domino

SSL

CCNA RS_NB - Chapter 5

Docker ansible-make-chef-puppet-unnecessary-minnihan

Wireshark

Similar to An analysis of TLS handshake proxying

CNIT 141: 13. TLS

Sam Bowne

Many people think that using HTTPS to offer your site or service to clients makes you secure from eavesdroppers and people trying to manipulate your network traffic. Think again! In this presentation I'll dive into transport layer security. I'll elaborate on what you can achieve with SSL such as authentication, encryption and integrity and how you can achieve it. I'll talk about the client-server handshake, identity and trust, one-way and two-way SSL, keys and keystores and cipher suite choice. By means of several examples, I'll show what it can mean if you make the wrong choices in on premises and cloud scenario's. This presentation is relevant for anyone involved in securing connections between client and server using TLS and people interested in learning more about the topic of TLS in general.

All you need to know about transport layer security

Maarten Smeets

CNIT 141 13. TLS

Sam Bowne

CNIT 141: 13. TLS

Sam Bowne

020618 Why Do we Need HTTPS

Jackio Kwok

SecureSocketLayer.ppt

PranavUndre1

CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security

Jyothishmathi Institute of Technology and Science Karimnagar

Network Security Applications

Hatem Mahmoud

Secure socket layer

Nishant Pahad

Secure socket layer

Nishant Pahad

PPT ON WEB SECURITY BY MONODIP SINGHA ROY

Monodip Singha Roy

SECURE SOCKET LAYER ( WEB SECURITY )

Monodip Singha Roy

Data Security Essentials for Cloud Computing - JavaOne 2013

javagroup2006

Network Security_Module_2_Dr Shivashankar

Dr. Shivashankar

SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf

NiharikaDubey17

Security is a hot topic, especially with new laws concerning how to deal with personally identifiable information (PII) and the journey to the cloud many organisations are making. When implemented correctly, security measures can protect your company from people trying to spy on you or manipulate your systems. Security can be implemented at different layers. In this presentation I'll zoom in on webservices and which choices there are to make on the application layer and transport layer. This spans area's like authentication, keys/keystores, OWSM policy choices, WebLogic SSL configuration and cipher suite choices. Security measures are even more relevant in cloud integration scenario's since services might not just be accessible from your internal network. After this presentation, architects and developers will have a good idea on how to quickly get started with taking security measures.

Webservice security considerations and measures

Maarten Smeets

The Trusted Cloud Transfer Protocol (TCTP)

Mathias Slawik

Slides of the Webinar "SSL, impact and optimisation" INTRODUCTION What is SSL? The purpose of SSL History of SSL / TLS Overview of a TLS connection PART 1 What is the role of an SSL certificate? Levels of validation Options for certificates: SAN and Wildcard The certificate ordering process Certificate chain SSL algorithms: encryption & authentication Examples PART 2 TLS and IPV4 exhaustion HAProxy and SNI TLS impacts SSL offloading SEO Security of the SSL protocol

Webinar SSL English

SSL247®

Secure Socket Layer (SSL)

Samip jain

An Introduction to DANE - Securing TLS using DNSSEC

Carlos Martinez Cagnazzo

Similar to An analysis of TLS handshake proxying (20)

CNIT 141: 13. TLS

All you need to know about transport layer security

CNIT 141 13. TLS

CNIT 141: 13. TLS

020618 Why Do we Need HTTPS

SecureSocketLayer.ppt

CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security

Network Security Applications

Secure socket layer

PPT ON WEB SECURITY BY MONODIP SINGHA ROY

SECURE SOCKET LAYER ( WEB SECURITY )

Data Security Essentials for Cloud Computing - JavaOne 2013

Network Security_Module_2_Dr Shivashankar

SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf

Webservice security considerations and measures

The Trusted Cloud Transfer Protocol (TCTP)

Webinar SSL English

Secure Socket Layer (SSL)

An Introduction to DANE - Securing TLS using DNSSEC

Recently uploaded

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Screen flow is a powerful automation tool that is commonly designed for internal and external users. However, what about the guest users? We will dive into various methods of launching screen flows and understand how to make them publicly accessible, extending their usability to a broader audience. The presentation will also cover the implementation of security layers and highlight best practices for a smooth and protected user experience. Discover the potential of screen flows beyond conventional use and learn how to leverage them effectively.

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

CzechDreamin

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

New customer? New industry? New cloud? New team? A lot to handle! How to ensure the success of the project? Start it well! I've created the 3 areas of focus at the beginning of the project that helped me in multiple roles (BA, PO, and Consultant). Learn from real-world experiences and discover how these insights can empower you to deliver unparalleled value to your customers right from the project's start.

Powerful Start- the Key to Project Success, Barbara Laskowska

CzechDreamin

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

IESVE for Early Stage Design and Planning

IES VE

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.

"Impact of front-end architecture on development cost", Viktor Turskyi

Fwdays

IoT Analytics Company Presentation May 2024

IoTAnalytics

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

JMeter webinar - integration with InfluxDB and Grafana

RTTS

In this session, we will showcase how to revolutionize automated testing for your software, automation, and QA teams with UiPath Test Suite. In part 1 of UiPath test automation using UiPath Test Suite – developer series, we will cover, Software testing overview What is software testing Why software testing is required Typical test types and levels Continuous testing and challenges Introduction to UiPath Test Suite UiPath Test Suite family of products Speaker: Atul Trikha, Chief Technologist & Solutions Architect, Peraton and UiPath MVP Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

UiPath Test Automation using UiPath Test Suite series, part 1

DianaGray10

Intrigued by why some of the world's largest companies (Netflix, Google, Cisco, Twitter, Uber etc) are using gRPC? In this demo based talk we delve into the world of gRPC in .Net, what it does and why we should use it. We compare the interface with both Rest and graphQL. We will show you how to implement grpc server-side in .net and in the web. Finally, I will show you how the tooling helps you deliver powerful interfaces and interact with them quickly and simply.

Demystifying gRPC in .Net by John Staveley

John Staveley

How to differentiate Sales Cloud and CPQ on first glance might be tricky if you do not know where to look and what to look at. You will know :-) Managing the sales process within Salesforce is a common use case that can be managed with standart Sales Cloud. If you want to do entire quoting process you will find out Salesforce CPQ solution exists. What is then the difference if both can handle selling products? You will see comparison of 10 different features, which Sales Cloud and Salesforce CPQ handle differently. Simple question you will always remember if you should consider using Salesforce CPQ will be a cherry on top.

10 Differences between Sales Cloud and CPQ, Blanka Doktorová

CzechDreamin

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...