Tuesday, February 28 • 13:40 - 15:10
Modern Web Application Defenses against Dangerous Network Attacks (Part 1)

Do you have any idea how many of the files you send to the user are modified in transit? How much sensitive information is up for grabs to an eavesdropper? Or whether there is an attacker sitting in the middle, with the ability to carry out a dangerous SSL Stripping attack?

In the past few years, a secure communication channel has become more important than ever, and browsers are actively pushing developers towards using HTTPS. Therefore, simply deploying sensitive parts of your application over HTTPS is no longer sufficient. You need to move all of your content to HTTPS, and deploy additional security policies to establish a secure end-to-end communication channel.

In this session, participants will learn through hands-on experience why a partial HTTPS deployment can easily be undermined by easy-to-execute network attacks. We will cover common (non-cryptographic) attacks on HTTPS applications, and how they are countered by the newest HTTPS security policies, such as HTTP Strict Transport Security (HSTS) and HTTP Public Key Pinning (HPKP). You will walk away with an up-to-date list of best practices for deploying your applications over HTTPS.

Attendees are required to bring a laptop with VirtualBox installed. If you have restricted access to the BIOS settings, please make sure virtualization is enabled beforehand.

The training image is available for download at the following URL: https://people.cs.kuleuven.be/philippe.deryck/training/secappdev2017.ova 

Philippe De Ryck

imec-DistriNet-KU Leuven
Philippe De Ryck is a professional speaker and trainer on software security and web security. Since he obtained his PhD at the imec-DistriNet research group (KU Leuven, Belgium), he has been running the group's Web Security Training program, which ensures a sustainable knowledge transfer of the group’s security expertise towards practitioners.

Tuesday February 28, 2017 13:40 - 15:10
Room: Van Hamaele
