Participant - The world's best TLS + PKI course - Oslo

The world's best TLS + PKI course - Oslo

The Best TLS Training in the World /
Internet PKI in Depth

For the first time, Feisty Duck is bringing its best-selling courses to Norway.

This is a unique opportunity for anyone who will install, operate and maintain web servers or PKI infrastructure on the Internet, whether for their own home page or for a large enterprise. The course and all course material are in English. Bring your own laptop to do the practical exercises on cloud machines that are made available at the start of the course. Basic knowledge of the Linux command line and similar tools is assumed.

The course instructor is the internationally renowned Scott Helme. Besides his own services securityheaders.io and report-uri.io, he became known together with Troy Hunt when they hacked the Nissan Leaf. Scott gives courses and talks around the world and is an engaging speaker with unique expertise in his field!

The course was developed by Ivan Ristić, security researcher, engineer and author. He is best known for his contributions to web application security, including ModSecurity, SSL/TLS and PKI research, and the tools and guidelines published on SSL Labs. He also wrote the book Bulletproof SSL and TLS, which many regard as the reference work in the field.

The course starts at 08:30 and runs until about 17:00 on both days. The price includes all material, access to virtual machines in the cloud for exercises and testing, coffee/tea and snacks, and a large lunch buffet at Thon Hotel Opera.

Payment is made either by card online, or you can choose to receive an invoice by e-mail.

Below you will find the course description for both days.

--------------

Day 1: The Best TLS Training in the World

Designed by the author of the much acclaimed Bulletproof SSL and TLS, this practical course will teach you how to deploy secure servers and encrypted web applications during a day packed with theory and practical work. We’ll focus on what you need in your daily work to deliver the best security, availability and performance. And you will learn how to get an A+ on SSL Labs!

Why this course is for you

  • Understand threats and attacks against encryption
  • Identify real risks that apply to your systems
  • Deploy servers with strong private keys and valid certificates
  • Deploy TLS configurations with strong encryption and forward secrecy
  • Understand higher-level attacks against web applications
  • Use the latest defence technologies, such as HSTS, CSP, and HPKP

Course Outline

  1. Introduction
    1. The need for network encryption
    2. Understanding encrypted communication
    3. The role of public key infrastructure (PKI)
    4. SSL/TLS and Internet PKI threat model
  2. Keys and certificates
    1. RSA and ECDSA: selecting key algorithm and size
    2. Certificate hostnames and lifetime
    3. Practical work:
      1. Private key generation
      2. Certificate Signing Request (CSR) generation
      3. Self-signed certificates
      4. Obtaining valid certificates from Let’s Encrypt
    4. Sidebar: Revocation
  3. Protocols and cipher suites
    1. Protocol security
    2. Key exchange strength
    3. Forward security
    4. Cipher suite configuration
    5. Practical work:
      1. Secure web server configuration
      2. Server testing using SSL Labs
    6. Sidebar: Server Name Indication (SNI)
    7. Sidebar: Performance considerations
  4. HTTPS topics
    1. Man in the middle attacks
    2. Mixed content
    3. Cookie security
    4. CRIME: Information leakage via compression
    5. HTTP Strict Transport Security
    6. Content Security Policy
    7. HTTP Public Key Pinning
    8. Practical work:
      1. Deploying HSTS to enforce robust encryption
      2. Deploying CSP to deal with mixed content
  5. Putting it all together: Getting A+ in SSL Labs

We will also provide you with many additional exercises that you can work on in your own time. You'll be able to ask us for help via email. And if you're already familiar with the basics, we'll challenge you with some of the advanced exercises on the day.

--------------

Day 2: Internet PKI in Depth

This course is based on the book Bulletproof SSL and TLS. We’ll start with the basics and the theory, then discuss how the PKI is implemented in the real world, and finish with a practical example of a realistic private certification authority. You will learn methods which you can easily replicate in your own work.

Why This Course is for You

  • Learn about key PKI standards and formats
  • Understand where practice differs from theory
  • Analyze certificate lifecycle in detail
  • Evaluate PKI weaknesses and how they affect you
  • Deploy robust protection using public key pinning
  • Learn about what's coming in the future
  • Practise what you've learned

By the end of the day you will have built a fully-functioning private CA—with multiple intermediate CAs and revocation—using a method that you can easily replicate.

Course Outline

  1. Introduction
  2. Standards
    1. X.509 certificates
    2. Certificate chains
    3. Name constraints
    4. Trust path building
    5. Validation process
  3. Internet PKI
    1. Certification Authorities
    2. Relying parties
    3. Certificate types (DV, EV, OV)
    4. Certificate lifecycle (validation, issuance, and revocation)
    5. CA/B Forum and its standards
    6. Weaknesses
    7. History of attacks
  4. Revocation
    1. CRL
    2. OCSP
    3. OCSP stapling
    4. CRLsets and OneCRL
    5. Short-lived certificates
  5. Defenses
    1. Certification Authority Authorization (CAA)
    2. Public Key Pinning
      1. Static pinning
      2. HPKP
      3. DNSSEC/DANE
  6. Certificate Transparency
  7. PKI ecosystem monitoring
    1. SSL Pulse
    2. Censys
    3. crt.sh
  8. Project: Building and deploying a realistic private CA

Registration form

Fields: First name *, Last name *, E-mail address, Full price * (kr 14 500,00 each), Mobile, Payment method