SlideShare a Scribd company logo
Sinn und UnsinnSinn und Unsinn
von SSLvon SSL
PHP Usergroup FrankfurtPHP Usergroup Frankfurt
18.09.201418.09.2014
https://www.flickr.com/photos/vonderauvisuals/9778832892https://www.flickr.com/photos/vonderauvisuals/9778832892
Walter EbertWalter Ebert
Mehr Sicherheit
Mehr Sicherheit
Mehr besser?
https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#SSL_vs._TLShttps://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#SSL_vs._TLS
Verschlüsselung
n
Identitätsprüfung
g
wQ
Q
)
w
http://www.golem.de/1108/86079.htmlhttp://www.golem.de/1108/86079.html
Google I/O 2014: HTTPS Everywhere
„Data delivered over an unencrypted channel is
insecure, untrustworthy, and trivially intercepted. We
must protect the security, privacy, and integrity of
our users data. In this session we will take a hands-on
tour of how to make your websites secure by default:
the required technology, configuration and
performance best practices, how to migrate your sites
to HTTPS and make them user and search friendly,
and more. Your users will thank you.“
https://www.youtube.com/watch?v=cBhZ6S0PFCY
https://developers.google.com/speed/spdy/
http://caniuse.com/#feat=spdy
https://twitter.com/mnot/status/400564763559620608https://twitter.com/mnot/status/400564763559620608
http://googlewebmastercentral.blogspot.de/2014/08/https-as-ranking-signal.htmlhttp://googlewebmastercentral.blogspot.de/2014/08/https-as-ranking-signal.html
https://twitter.com/Souders/status/349214019070078977https://twitter.com/Souders/status/349214019070078977
https://www.eff.org/https-everywherehttps://www.eff.org/https-everywhere
https://www.drupal.org/node/1866974https://www.drupal.org/node/1866974
https://twitter.com/jquery/status/494922194351181824https://twitter.com/jquery/status/494922194351181824
http://heartbleed.com/http://heartbleed.com/
https://www.ssllabs.com/ssltest/
http://www.webpagetest.org/result/130616_3E_A0H/1/details/
Ladezeiten
HTTP(S)
<script src="//connect.facebook.net/de_DE/all.js"></script>
HTTP(S)
<script src="//connect.facebook.net/de_DE/all.js" async defer></script>
https://www.igvita.com/2014/05/20/script-injected-async-scripts-considered-harmful/
Content Security Policy (CSP)
# Apache
Header set Content-Security-Policy "default-src https:"
# Nginx
add_header Content-Security-Policy "default-src https:";
https://www.owasp.org/index.php/Content_Security_Policy
HTTP Strict Transport Security
(HSTS)
# Apache
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
# Nginx
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
Lokale Entwicklungsumgebung
http://dev.walterebert.de/
-
https://dev.walterebert.de/
HSTS
# Apache
Header always set Strict-Transport-Security "max-age=31536000"
# Nginx
add_header Strict-Transport-Security "max-age=31536000";
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security#Excessively_Strict_STS
Public Key Pinning
Header set Public-Key-Pins "max-age=2592000; 
pin-sha256=E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=; 
pin-sha256=LPJNul+wow4m6DsqxbninhsWHlwfp0JecwQzYpOLmCQ=; 
includeSubDomains; 
report-uri=http://example.com/pkp-report.php"
https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
Server Name Indication (SNI)
Mehrere Domains unter einer IP-Adresse
https://de.wikipedia.org/wiki/Server_Name_Indication
https://www.ssllabs.com/ssltest/analyze.html?d=walterebert.de&hideResults=on
Android 2.3
Internet Explorer
auf Windows XP
$ php -r "echo file_get_contents('https://s.walterebert.com/');"
$ php -a
Interactive mode enabled
php > echo file_get_contents("https://s.walterebert.com/");
<?php $client = new SoapClient("some.wsdl");
$ http https://s.walterebert.com/
http: error: SSLError: hostname 's.walterebert.com' doesn't
match either of 'www.walterebert.de', 'walterebert.de'
Nicht nur Browser
https://www.mnot.net/blog/2014/05/09/if_you_can_read_this_youre_sniing
PHP 5.3.2: Added SNI_enabled and SNI_server_name
Webservices, RSS-Reader, Webcrawler, Monitoring, ...
Fehlermeldung für veraltete Clients
SSLStrictSNIVHostCheck on
ErrorDocument 403 "TLS SNI Required."
Listen 443
<VirtualHost *:443>
...
SSLStrictSNIVHostCheck on
<Directory ...>
ErrorDocument 403 default
SSLRequireSSL
SSLOptions +StrictRequire
</Directory>
</VirtualHost>
https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
Perfect Forward Secrecy
https://de.wikipedia.org/wiki/Perfect_Forward_Secrecy
https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
Langzeitschlüssel -> Sitzungsschlüssel
PHP Sessions
ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_secure', 1);
http://de.php.net/manual/de/session.configuration.php
PHP Cookies
setcookie(
$name,
$value,
0, // expire
'/',
'', // domain
true, // secure
true // httponly
);
http://de.php.net/manual/de/function.setcookie.php
PHP cURL
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, 'PHP ' . PHP_VERSION);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$data = curl_exec($ch);
curl_close($ch);
http://de.php.net/manual/de/book.curl.php
PHP cURL
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, 'PHP ' . PHP_VERSION);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$data = curl_exec($ch);
curl_close($ch);
http://de.php.net/manual/de/function.curl-setopt.php
:-S
PHP cURL
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, 'PHP ' . PHP_VERSION);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_CAINFO, '/etc/ssl/ca-bundle.pem');
$data = curl_exec($ch);
curl_close($ch);
http://de.php.net/manual/de/function.curl-setopt.php
PHP Streams
$uri = 'https://walterebert.de/';
$ctx = stream_context_create(array('ssl' => array(
'verify_peer' => true,
'cafile' => '/etc/ssl/ca-bundle.pem',
'CN_match' => 'walterebert.de'
)));
$data = file_get_contents($uri, FALSE, $ctx);
https://wiki.php.net/rfc/tls-peer-verification
PHP 5.6
$uri = 'https://walterebert.de/';
$cafile = '/etc/ssl/ca-bundle.pem';
ini_set('openssl.cafile', $cafile);
$data = file_get_contents($uri);
// oder
$ctx = stream_context_create(['ssl'=>['cafile'=>$cafile]]);
$data = file_get_contents($uri, FALSE, $ctx);
https://wiki.php.net/rfc/tls-peer-verification
Links
https://www.owasp.org/index.php/SSL_TLS_Knowledge_Center
https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet
https://www.eff.org/https-everywhere/deploying-https
https://www.ssllabs.com/ssltest/
https://www.ssllabs.com/projects/best-practices/
https://istlsfastyet.com/
http://chimera.labs.oreilly.com/books/1230000000545/ch04.html
https://httpd.apache.org/docs/current/ssl/ssl_howto.html
http://nginx.com/blog/nginx-ssl/
Walter Ebert
@wltrd
walterebert.de
slideshare.net/walterebert

More Related Content

What's hot

Java EE 6 Security in practice with GlassFish
Java EE 6 Security in practice with GlassFishJava EE 6 Security in practice with GlassFish
Java EE 6 Security in practice with GlassFish
Markus Eisele
 
Content Security Policy
Content Security PolicyContent Security Policy
Content Security Policy
Ryan LaBouve
 
Believe It Or Not SSL Attacks
Believe It Or Not SSL AttacksBelieve It Or Not SSL Attacks
Believe It Or Not SSL Attacks
Akash Mahajan
 
Tecnologias Open Source para Alta Disponibilidade e Segurança de Aplicações Web
Tecnologias Open Source para  Alta Disponibilidade e Segurança de Aplicações WebTecnologias Open Source para  Alta Disponibilidade e Segurança de Aplicações Web
Tecnologias Open Source para Alta Disponibilidade e Segurança de Aplicações Web
Alexandro Silva
 
Segurança da era do ssl everywhere
Segurança da era do ssl everywhereSegurança da era do ssl everywhere
Segurança da era do ssl everywhere
rodolfovillordo
 
Http security response headers
Http security response headers Http security response headers
Http security response headers
mohammadhosseinrouha
 
Site Security Policy - Yahoo! Security Week
Site Security Policy - Yahoo! Security WeekSite Security Policy - Yahoo! Security Week
Site Security Policy - Yahoo! Security Week
guest9663eb
 
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Ömer Çıtak
 
Preventing XSS with Content Security Policy
Preventing XSS with Content Security PolicyPreventing XSS with Content Security Policy
Preventing XSS with Content Security Policy
Ksenia Peguero
 
HTTP Security Headers
HTTP Security HeadersHTTP Security Headers
HTTP Security Headers
Ismael Goncalves
 
Emerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar PrustyEmerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
Cysinfo Cyber Security Community
 
Security in the IoT generation - Guy Rombaut - Codemotion Amsterdam 2017
Security in the IoT generation - Guy Rombaut - Codemotion Amsterdam 2017Security in the IoT generation - Guy Rombaut - Codemotion Amsterdam 2017
Security in the IoT generation - Guy Rombaut - Codemotion Amsterdam 2017
Codemotion
 
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfDefeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
drewz lin
 
Now you can trust the browser - Ben Gidley, Tim Charman - Codemotion Amsterda...
Now you can trust the browser - Ben Gidley, Tim Charman - Codemotion Amsterda...Now you can trust the browser - Ben Gidley, Tim Charman - Codemotion Amsterda...
Now you can trust the browser - Ben Gidley, Tim Charman - Codemotion Amsterda...
Codemotion
 
Content Security Policy - The application security Swiss Army Knife
Content Security Policy - The application security Swiss Army KnifeContent Security Policy - The application security Swiss Army Knife
Content Security Policy - The application security Swiss Army Knife
Scott Helme
 
CONFidence 2018: Defense-in-depth techniques for modern web applications and ...
CONFidence 2018: Defense-in-depth techniques for modern web applications and ...CONFidence 2018: Defense-in-depth techniques for modern web applications and ...
CONFidence 2018: Defense-in-depth techniques for modern web applications and ...
PROIDEA
 
Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)
Ömer Çıtak
 
Session#1
Session#1Session#1
HARDENING IN APACHE WEB SERVER
HARDENING IN APACHE WEB SERVERHARDENING IN APACHE WEB SERVER
HARDENING IN APACHE WEB SERVER
Utah Networxs Consultoria e Treinamento
 
Bünyamin Demir - 10 Adımda Yazılım Güvenliği
Bünyamin Demir - 10 Adımda Yazılım GüvenliğiBünyamin Demir - 10 Adımda Yazılım Güvenliği
Bünyamin Demir - 10 Adımda Yazılım Güvenliği
CypSec - Siber Güvenlik Konferansı
 

What's hot (20)

Java EE 6 Security in practice with GlassFish
Java EE 6 Security in practice with GlassFishJava EE 6 Security in practice with GlassFish
Java EE 6 Security in practice with GlassFish
 
Content Security Policy
Content Security PolicyContent Security Policy
Content Security Policy
 
Believe It Or Not SSL Attacks
Believe It Or Not SSL AttacksBelieve It Or Not SSL Attacks
Believe It Or Not SSL Attacks
 
Tecnologias Open Source para Alta Disponibilidade e Segurança de Aplicações Web
Tecnologias Open Source para  Alta Disponibilidade e Segurança de Aplicações WebTecnologias Open Source para  Alta Disponibilidade e Segurança de Aplicações Web
Tecnologias Open Source para Alta Disponibilidade e Segurança de Aplicações Web
 
Segurança da era do ssl everywhere
Segurança da era do ssl everywhereSegurança da era do ssl everywhere
Segurança da era do ssl everywhere
 
Http security response headers
Http security response headers Http security response headers
Http security response headers
 
Site Security Policy - Yahoo! Security Week
Site Security Policy - Yahoo! Security WeekSite Security Policy - Yahoo! Security Week
Site Security Policy - Yahoo! Security Week
 
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)
 
Preventing XSS with Content Security Policy
Preventing XSS with Content Security PolicyPreventing XSS with Content Security Policy
Preventing XSS with Content Security Policy
 
HTTP Security Headers
HTTP Security HeadersHTTP Security Headers
HTTP Security Headers
 
Emerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar PrustyEmerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
 
Security in the IoT generation - Guy Rombaut - Codemotion Amsterdam 2017
Security in the IoT generation - Guy Rombaut - Codemotion Amsterdam 2017Security in the IoT generation - Guy Rombaut - Codemotion Amsterdam 2017
Security in the IoT generation - Guy Rombaut - Codemotion Amsterdam 2017
 
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfDefeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
 
Now you can trust the browser - Ben Gidley, Tim Charman - Codemotion Amsterda...
Now you can trust the browser - Ben Gidley, Tim Charman - Codemotion Amsterda...Now you can trust the browser - Ben Gidley, Tim Charman - Codemotion Amsterda...
Now you can trust the browser - Ben Gidley, Tim Charman - Codemotion Amsterda...
 
Content Security Policy - The application security Swiss Army Knife
Content Security Policy - The application security Swiss Army KnifeContent Security Policy - The application security Swiss Army Knife
Content Security Policy - The application security Swiss Army Knife
 
CONFidence 2018: Defense-in-depth techniques for modern web applications and ...
CONFidence 2018: Defense-in-depth techniques for modern web applications and ...CONFidence 2018: Defense-in-depth techniques for modern web applications and ...
CONFidence 2018: Defense-in-depth techniques for modern web applications and ...
 
Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)
 
Session#1
Session#1Session#1
Session#1
 
HARDENING IN APACHE WEB SERVER
HARDENING IN APACHE WEB SERVERHARDENING IN APACHE WEB SERVER
HARDENING IN APACHE WEB SERVER
 
Bünyamin Demir - 10 Adımda Yazılım Güvenliği
Bünyamin Demir - 10 Adımda Yazılım GüvenliğiBünyamin Demir - 10 Adımda Yazılım Güvenliği
Bünyamin Demir - 10 Adımda Yazılım Güvenliği
 

Viewers also liked

Web Performance Optimierung - DWX13
Web Performance Optimierung - DWX13Web Performance Optimierung - DWX13
Web Performance Optimierung - DWX13
Walter Ebert
 
(Responsive) Video
(Responsive) Video(Responsive) Video
(Responsive) Video
Walter Ebert
 
Web-Performance
Web-PerformanceWeb-Performance
Web-Performance
Walter Ebert
 
Responsive Design: Mehr als CSS
Responsive Design: Mehr als CSSResponsive Design: Mehr als CSS
Responsive Design: Mehr als CSS
Walter Ebert
 
Bilder einbinden ist kein Thema, oder?
Bilder einbinden ist kein Thema, oder?Bilder einbinden ist kein Thema, oder?
Bilder einbinden ist kein Thema, oder?
Walter Ebert
 
Die .htaccess richtig nutzen
Die .htaccess richtig nutzenDie .htaccess richtig nutzen
Die .htaccess richtig nutzen
Walter Ebert
 
Above the fold content
Above the fold contentAbove the fold content
Above the fold content
Walter Ebert
 
Responsive Videos, mehr oder weniger
Responsive Videos, mehr oder wenigerResponsive Videos, mehr oder weniger
Responsive Videos, mehr oder weniger
Walter Ebert
 
Content Security Policy - PHPUGFFM
Content Security Policy - PHPUGFFMContent Security Policy - PHPUGFFM
Content Security Policy - PHPUGFFM
Walter Ebert
 
High Performance Images
High Performance ImagesHigh Performance Images
High Performance Images
Walter Ebert
 
HTTPS + Let's Encrypt
HTTPS + Let's EncryptHTTPS + Let's Encrypt
HTTPS + Let's Encrypt
Walter Ebert
 
WordPress-Themes mit Twig entwickeln
WordPress-Themes mit Twig entwickelnWordPress-Themes mit Twig entwickeln
WordPress-Themes mit Twig entwickeln
Walter Ebert
 
Bilder usw...
Bilder usw...Bilder usw...
Bilder usw...
Walter Ebert
 
WordPress Multisite
WordPress MultisiteWordPress Multisite
WordPress Multisite
Walter Ebert
 
Mehr Performance für WordPress - WordCamp Köln
Mehr Performance für WordPress - WordCamp KölnMehr Performance für WordPress - WordCamp Köln
Mehr Performance für WordPress - WordCamp Köln
Walter Ebert
 
Mehr Performance für WordPress - WPFra
Mehr Performance für WordPress - WPFraMehr Performance für WordPress - WPFra
Mehr Performance für WordPress - WPFra
Walter Ebert
 
WordPress-Templates mit Twig erstellen - PHPUGFFM
WordPress-Templates mit Twig erstellen - PHPUGFFMWordPress-Templates mit Twig erstellen - PHPUGFFM
WordPress-Templates mit Twig erstellen - PHPUGFFM
Walter Ebert
 
WordPress mit Composer und Git verwalten
WordPress mit Composer und Git verwaltenWordPress mit Composer und Git verwalten
WordPress mit Composer und Git verwalten
Walter Ebert
 
Weniger aus Bilder holen
Weniger aus Bilder holenWeniger aus Bilder holen
Weniger aus Bilder holen
Walter Ebert
 

Viewers also liked (19)

Web Performance Optimierung - DWX13
Web Performance Optimierung - DWX13Web Performance Optimierung - DWX13
Web Performance Optimierung - DWX13
 
(Responsive) Video
(Responsive) Video(Responsive) Video
(Responsive) Video
 
Web-Performance
Web-PerformanceWeb-Performance
Web-Performance
 
Responsive Design: Mehr als CSS
Responsive Design: Mehr als CSSResponsive Design: Mehr als CSS
Responsive Design: Mehr als CSS
 
Bilder einbinden ist kein Thema, oder?
Bilder einbinden ist kein Thema, oder?Bilder einbinden ist kein Thema, oder?
Bilder einbinden ist kein Thema, oder?
 
Die .htaccess richtig nutzen
Die .htaccess richtig nutzenDie .htaccess richtig nutzen
Die .htaccess richtig nutzen
 
Above the fold content
Above the fold contentAbove the fold content
Above the fold content
 
Responsive Videos, mehr oder weniger
Responsive Videos, mehr oder wenigerResponsive Videos, mehr oder weniger
Responsive Videos, mehr oder weniger
 
Content Security Policy - PHPUGFFM
Content Security Policy - PHPUGFFMContent Security Policy - PHPUGFFM
Content Security Policy - PHPUGFFM
 
High Performance Images
High Performance ImagesHigh Performance Images
High Performance Images
 
HTTPS + Let's Encrypt
HTTPS + Let's EncryptHTTPS + Let's Encrypt
HTTPS + Let's Encrypt
 
WordPress-Themes mit Twig entwickeln
WordPress-Themes mit Twig entwickelnWordPress-Themes mit Twig entwickeln
WordPress-Themes mit Twig entwickeln
 
Bilder usw...
Bilder usw...Bilder usw...
Bilder usw...
 
WordPress Multisite
WordPress MultisiteWordPress Multisite
WordPress Multisite
 
Mehr Performance für WordPress - WordCamp Köln
Mehr Performance für WordPress - WordCamp KölnMehr Performance für WordPress - WordCamp Köln
Mehr Performance für WordPress - WordCamp Köln
 
Mehr Performance für WordPress - WPFra
Mehr Performance für WordPress - WPFraMehr Performance für WordPress - WPFra
Mehr Performance für WordPress - WPFra
 
WordPress-Templates mit Twig erstellen - PHPUGFFM
WordPress-Templates mit Twig erstellen - PHPUGFFMWordPress-Templates mit Twig erstellen - PHPUGFFM
WordPress-Templates mit Twig erstellen - PHPUGFFM
 
WordPress mit Composer und Git verwalten
WordPress mit Composer und Git verwaltenWordPress mit Composer und Git verwalten
WordPress mit Composer und Git verwalten
 
Weniger aus Bilder holen
Weniger aus Bilder holenWeniger aus Bilder holen
Weniger aus Bilder holen
 

Similar to Sinn und Unsinn von SSL

Rails security: above and beyond the defaults
Rails security: above and beyond the defaultsRails security: above and beyond the defaults
Rails security: above and beyond the defaults
Matias Korhonen
 
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE
 
Web Exploitation Security
Web Exploitation SecurityWeb Exploitation Security
Web Exploitation Security
Aman Singh
 
The top 10 security issues in web applications
The top 10 security issues in web applicationsThe top 10 security issues in web applications
The top 10 security issues in web applications
Devnology
 
Evolution Of Web Security
Evolution Of Web SecurityEvolution Of Web Security
Evolution Of Web Security
Chris Shiflett
 
Owasp top 10 2013
Owasp top 10 2013Owasp top 10 2013
Owasp top 10 2013
Edouard de Lansalut
 
SSL Certificate and Code Signing
SSL Certificate and Code SigningSSL Certificate and Code Signing
SSL Certificate and Code Signing
Li-Wei Yao
 
HTTPS Explained Through Fairy Tales
HTTPS Explained Through Fairy TalesHTTPS Explained Through Fairy Tales
HTTPS Explained Through Fairy Tales
OVHcloud
 
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
mdevtalk
 
Web application security
Web application securityWeb application security
Web application security
Ravi Raj
 
Top Ten Tips For Tenacious Defense In Asp.Net
Top Ten Tips For Tenacious Defense In Asp.NetTop Ten Tips For Tenacious Defense In Asp.Net
Top Ten Tips For Tenacious Defense In Asp.Net
alsmola
 
OpenSSL programming (still somewhat initial version)
OpenSSL programming (still somewhat initial version)OpenSSL programming (still somewhat initial version)
OpenSSL programming (still somewhat initial version)
Shteryana Shopova
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Jeff Horwitz
 
Cm2 secure code_training_1day_data_protection
Cm2 secure code_training_1day_data_protectionCm2 secure code_training_1day_data_protection
Cm2 secure code_training_1day_data_protection
dcervigni
 
Uniface Lectures Webinar - Application & Infrastructure Security - Hardening ...
Uniface Lectures Webinar - Application & Infrastructure Security - Hardening ...Uniface Lectures Webinar - Application & Infrastructure Security - Hardening ...
Uniface Lectures Webinar - Application & Infrastructure Security - Hardening ...
Uniface
 
DVWA BruCON Workshop
DVWA BruCON WorkshopDVWA BruCON Workshop
DVWA BruCON Workshop
testuser1223
 
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS TodayCreating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Heroku
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
BU
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Brian Huff
 
Next Generation DevOps in Drupal: DrupalCamp London 2014
Next Generation DevOps in Drupal: DrupalCamp London 2014Next Generation DevOps in Drupal: DrupalCamp London 2014
Next Generation DevOps in Drupal: DrupalCamp London 2014
Barney Hanlon
 

Similar to Sinn und Unsinn von SSL (20)

Rails security: above and beyond the defaults
Rails security: above and beyond the defaultsRails security: above and beyond the defaults
Rails security: above and beyond the defaults
 
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT Devices
 
Web Exploitation Security
Web Exploitation SecurityWeb Exploitation Security
Web Exploitation Security
 
The top 10 security issues in web applications
The top 10 security issues in web applicationsThe top 10 security issues in web applications
The top 10 security issues in web applications
 
Evolution Of Web Security
Evolution Of Web SecurityEvolution Of Web Security
Evolution Of Web Security
 
Owasp top 10 2013
Owasp top 10 2013Owasp top 10 2013
Owasp top 10 2013
 
SSL Certificate and Code Signing
SSL Certificate and Code SigningSSL Certificate and Code Signing
SSL Certificate and Code Signing
 
HTTPS Explained Through Fairy Tales
HTTPS Explained Through Fairy TalesHTTPS Explained Through Fairy Tales
HTTPS Explained Through Fairy Tales
 
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
 
Web application security
Web application securityWeb application security
Web application security
 
Top Ten Tips For Tenacious Defense In Asp.Net
Top Ten Tips For Tenacious Defense In Asp.NetTop Ten Tips For Tenacious Defense In Asp.Net
Top Ten Tips For Tenacious Defense In Asp.Net
 
OpenSSL programming (still somewhat initial version)
OpenSSL programming (still somewhat initial version)OpenSSL programming (still somewhat initial version)
OpenSSL programming (still somewhat initial version)
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
 
Cm2 secure code_training_1day_data_protection
Cm2 secure code_training_1day_data_protectionCm2 secure code_training_1day_data_protection
Cm2 secure code_training_1day_data_protection
 
Uniface Lectures Webinar - Application & Infrastructure Security - Hardening ...
Uniface Lectures Webinar - Application & Infrastructure Security - Hardening ...Uniface Lectures Webinar - Application & Infrastructure Security - Hardening ...
Uniface Lectures Webinar - Application & Infrastructure Security - Hardening ...
 
DVWA BruCON Workshop
DVWA BruCON WorkshopDVWA BruCON Workshop
DVWA BruCON Workshop
 
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS TodayCreating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
 
Next Generation DevOps in Drupal: DrupalCamp London 2014
Next Generation DevOps in Drupal: DrupalCamp London 2014Next Generation DevOps in Drupal: DrupalCamp London 2014
Next Generation DevOps in Drupal: DrupalCamp London 2014
 

More from Walter Ebert

FrOSCon 2023: WordPress als ActivityPub-Instanz
FrOSCon 2023: WordPress als ActivityPub-InstanzFrOSCon 2023: WordPress als ActivityPub-Instanz
FrOSCon 2023: WordPress als ActivityPub-Instanz
Walter Ebert
 
Hero Video Performance - DrupalCamp Ruhr
Hero Video Performance - DrupalCamp RuhrHero Video Performance - DrupalCamp Ruhr
Hero Video Performance - DrupalCamp Ruhr
Walter Ebert
 
Sicherheit für WordPress
Sicherheit für WordPressSicherheit für WordPress
Sicherheit für WordPress
Walter Ebert
 
WordPress aufräumen - WordCamp Stuttgart
WordPress aufräumen - WordCamp StuttgartWordPress aufräumen - WordCamp Stuttgart
WordPress aufräumen - WordCamp Stuttgart
Walter Ebert
 
WordPress aufräumen
WordPress aufräumenWordPress aufräumen
WordPress aufräumen
Walter Ebert
 
Hero Video Performance
Hero Video PerformanceHero Video Performance
Hero Video Performance
Walter Ebert
 
WordPress-Webseiten umziehen / online stellen
WordPress-Webseiten umziehen / online stellenWordPress-Webseiten umziehen / online stellen
WordPress-Webseiten umziehen / online stellen
Walter Ebert
 
Using browser settings for performance
Using browser settings for performanceUsing browser settings for performance
Using browser settings for performance
Walter Ebert
 
Das richtige WordPress-Theme finden
Das richtige WordPress-Theme findenDas richtige WordPress-Theme finden
Das richtige WordPress-Theme finden
Walter Ebert
 
WordPress Health Check - WordCamp Würzburg
WordPress Health Check - WordCamp WürzburgWordPress Health Check - WordCamp Würzburg
WordPress Health Check - WordCamp Würzburg
Walter Ebert
 
WordPress Health Check
WordPress Health CheckWordPress Health Check
WordPress Health Check
Walter Ebert
 
Making WordPress fast(er)
Making WordPress fast(er)Making WordPress fast(er)
Making WordPress fast(er)
Walter Ebert
 
Testumgebungen für WordPress
Testumgebungen für WordPressTestumgebungen für WordPress
Testumgebungen für WordPress
Walter Ebert
 
Modernism in Web Design
Modernism in Web DesignModernism in Web Design
Modernism in Web Design
Walter Ebert
 

More from Walter Ebert (14)

FrOSCon 2023: WordPress als ActivityPub-Instanz
FrOSCon 2023: WordPress als ActivityPub-InstanzFrOSCon 2023: WordPress als ActivityPub-Instanz
FrOSCon 2023: WordPress als ActivityPub-Instanz
 
Hero Video Performance - DrupalCamp Ruhr
Hero Video Performance - DrupalCamp RuhrHero Video Performance - DrupalCamp Ruhr
Hero Video Performance - DrupalCamp Ruhr
 
Sicherheit für WordPress
Sicherheit für WordPressSicherheit für WordPress
Sicherheit für WordPress
 
WordPress aufräumen - WordCamp Stuttgart
WordPress aufräumen - WordCamp StuttgartWordPress aufräumen - WordCamp Stuttgart
WordPress aufräumen - WordCamp Stuttgart
 
WordPress aufräumen
WordPress aufräumenWordPress aufräumen
WordPress aufräumen
 
Hero Video Performance
Hero Video PerformanceHero Video Performance
Hero Video Performance
 
WordPress-Webseiten umziehen / online stellen
WordPress-Webseiten umziehen / online stellenWordPress-Webseiten umziehen / online stellen
WordPress-Webseiten umziehen / online stellen
 
Using browser settings for performance
Using browser settings for performanceUsing browser settings for performance
Using browser settings for performance
 
Das richtige WordPress-Theme finden
Das richtige WordPress-Theme findenDas richtige WordPress-Theme finden
Das richtige WordPress-Theme finden
 
WordPress Health Check - WordCamp Würzburg
WordPress Health Check - WordCamp WürzburgWordPress Health Check - WordCamp Würzburg
WordPress Health Check - WordCamp Würzburg
 
WordPress Health Check
WordPress Health CheckWordPress Health Check
WordPress Health Check
 
Making WordPress fast(er)
Making WordPress fast(er)Making WordPress fast(er)
Making WordPress fast(er)
 
Testumgebungen für WordPress
Testumgebungen für WordPressTestumgebungen für WordPress
Testumgebungen für WordPress
 
Modernism in Web Design
Modernism in Web DesignModernism in Web Design
Modernism in Web Design
 

Recently uploaded

Bengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal BrandingBengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal Branding
Tarandeep Singh
 
cyber crime.pptx..........................
cyber crime.pptx..........................cyber crime.pptx..........................
cyber crime.pptx..........................
GNAMBIKARAO
 
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
3a0sd7z3
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
rtunex8r
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
3a0sd7z3
 
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
APNIC
 
Decentralized Justice in Gaming and Esports
Decentralized Justice in Gaming and EsportsDecentralized Justice in Gaming and Esports
Decentralized Justice in Gaming and Esports
Federico Ast
 
How to make a complaint to the police for Social Media Fraud.pdf
How to make a complaint to the police for Social Media Fraud.pdfHow to make a complaint to the police for Social Media Fraud.pdf
How to make a complaint to the police for Social Media Fraud.pdf
Infosec train
 
KubeCon & CloudNative Con 2024 Artificial Intelligent
KubeCon & CloudNative Con 2024 Artificial IntelligentKubeCon & CloudNative Con 2024 Artificial Intelligent
KubeCon & CloudNative Con 2024 Artificial Intelligent
Emre Gündoğdu
 
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
dtagbe
 
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
APNIC
 
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
thezot
 
Bangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
Bangalore Call Girls 9079923931 With -Cuties' Hot Call GirlsBangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
Bangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
narwatsonia7
 

Recently uploaded (13)

Bengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal BrandingBengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal Branding
 
cyber crime.pptx..........................
cyber crime.pptx..........................cyber crime.pptx..........................
cyber crime.pptx..........................
 
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
 
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
 
Decentralized Justice in Gaming and Esports
Decentralized Justice in Gaming and EsportsDecentralized Justice in Gaming and Esports
Decentralized Justice in Gaming and Esports
 
How to make a complaint to the police for Social Media Fraud.pdf
How to make a complaint to the police for Social Media Fraud.pdfHow to make a complaint to the police for Social Media Fraud.pdf
How to make a complaint to the police for Social Media Fraud.pdf
 
KubeCon & CloudNative Con 2024 Artificial Intelligent
KubeCon & CloudNative Con 2024 Artificial IntelligentKubeCon & CloudNative Con 2024 Artificial Intelligent
KubeCon & CloudNative Con 2024 Artificial Intelligent
 
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
 
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
 
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
 
Bangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
Bangalore Call Girls 9079923931 With -Cuties' Hot Call GirlsBangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
Bangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
 

Sinn und Unsinn von SSL