SSL: What is it, How to do it, and Why you should care

•Download as PPTX, PDF•

1 like•262 views

Jessica C. Gardner

Presentation at WordCamp Chicago 2017 by Jessica Gardner

Technology

SSL:
What it is, How to do it, &
Why you should care
WordCamp Chicago 2017

The 3 main things
◎Authentication and Verification
◎Privacy/Data Encryption
◎Data Integrity

Jargon & Acronyms
◎SSL – Secure Socket Layer
◎TLS – Transport Layer Security
◎HTTPS – Hypertext Transfer Protocol Secure
◎PKI – Public Key Infrastructure
◎CA – Certificate Authority
◎CSR – Certificate Signing Request

Image: https://thenocman.com/ssl-certificates/

Image: https://www.codeproject.com/Articles/326574/An-Introduction-to-Mutual-SSL-Authentication

Who Needs It?
◎E-Commerce– PCI Compliance
◎Entertainment- DRM
◎Market Research
◎Productivity
◎Social Media
◎Education/Testing
◎Sensitive Form Data

Certificate contents
◎Domain name (common name)
◎Public key
◎Owner of certificate (subject)
◎Issuer of certificate (CA)
◎Expiration data
◎Serial number

Types of Certificates
◎Domain Validation – CA checks right of
applicant to use domain name
◎Organization Validation – CA does above +
vets organization
◎Extended Validation – CA does above +
thorough vetting of organization

Self-Signed vs Trusted CA
◎Self-Signed: generally used for testing.
Offers encryption but not validation. Will give
errors.

Trusted Certificate Authorities
◎Client (browser) checks certificate validity
◎OCSP request (Online Certificate Status
Protocol)
◎CRL – Certificate Revocation List
○If revoked, client returns error
○If clear, communications proceed

Let’s Encrypt (Yes, Let’s!)
◎Free, automated, open certificate
◎Non-profit Internet Security Research Group
◎Domain validation
◎No warranty
◎3-month expiry

◎Update Site URL from http:// to https://
◎Force http requests to https

Issues and Caveats
◎Moving a site
◎Cloud Proxy
◎Mixed/Unsecure content

Removing SSL
◎wp-config.php
◎.htaccess
◎Updating site URL (functions.php)

Thanks!
Any questions?
You can find me at:
@jessicacgardner
jessica@btwrx.com

Resources
◎SSL Server Test:
https://www.ssllabs.com/ssltest/
◎Why No Padlock?
https://www.whynopadlock.com/
◎CryptoReport
https://cryptoreport.websecurity.symantec.com/
checker/

What's hot

OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...

OpenIDFoundation

20180426 legal challenges related to blockchain technology

Bart Van Den Brande

Modern Authentication for ASP.NET Core with IdentityServer 4 (Progressive .NE...

Scott Brady

Over $2 billion has been lost to hacks on decentralized finance (DeFi) applications in the past two years alone. While DeFi can provide access to high return opportunities, there are also risks worth considering. In this webinar we’ll dive deep into some of the largest exploits in DeFi, what they have in common and what both users and developers can learn from these. We will go from the basics of risk management using DeFi, to some cutting edge analyses that can be applied to analyze these protocols.

Uncovering DeFi Largest Hacks - Key Factors to Consider & How to Mitigate Risks

intotheblock

BOTCHAIN aka The Dark side of Blockchain

Antonio Pirozzi

Sw2 prezen3pdf

s1190088

Sw prezen3pdf

s1190088

Authorization Using JWTs

ForgeRock Identity Tech Talks

How you can support Bitcoin today | ProvenCrypto

Opti Network

Block Chain meets Big Data

Vihang Patel

Practical Cryptography

Kelley Robinson

Particl Project - Privacy Focused Decentralized Applications

Paul Schmitzer, RA, LEED AP

BrodTech 2021: Blockchain | Mak Muftić (ChainSafe)

Brod Tech

Blockchain presentation for Devfest 2018

Techracers

Corporate Web Systems

Alexander Deryugin

Bit trade labs sovereign identity fintech summit 2016

Glen Frost

Blockchain Introduction

Ayham Madi

Supply Chain Management on the blockchain with Iot, Azure, BigchainDB, VueJS

Stylight

What is Cryptocurrency Mining?

Monica Dhara

Introduction to Distributed Ledger Technology or Blockchain: On July 13, 2017, FINRA held a Blockchain Symposium to assess the use of distributed ledger technology (DLT) in the financial industry, including the maintenance of shareholder and corporate records. DLT is commonly referred to as blockchain. The symposium included participation by the Office of the Comptroller of Currency, the US Commodity Futures Trading Commission (CFTC), the Federal Reserve Board and the SEC...

Introduction to Distributed Ledger Technology or Blockchain

Laura Anthony, Esq.

What's hot (20)

OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...

20180426 legal challenges related to blockchain technology

Modern Authentication for ASP.NET Core with IdentityServer 4 (Progressive .NE...

Uncovering DeFi Largest Hacks - Key Factors to Consider & How to Mitigate Risks

BOTCHAIN aka The Dark side of Blockchain

Sw2 prezen3pdf

Sw prezen3pdf

Authorization Using JWTs

How you can support Bitcoin today | ProvenCrypto

Block Chain meets Big Data

Practical Cryptography

Particl Project - Privacy Focused Decentralized Applications

BrodTech 2021: Blockchain | Mak Muftić (ChainSafe)

Blockchain presentation for Devfest 2018

Corporate Web Systems

Bit trade labs sovereign identity fintech summit 2016

Blockchain Introduction

Supply Chain Management on the blockchain with Iot, Azure, BigchainDB, VueJS

What is Cryptocurrency Mining?

Introduction to Distributed Ledger Technology or Blockchain

Similar to SSL: What is it, How to do it, and Why you should care

Lecture #22 : Web Privacy & Security Breach

Dr. Ramchandra Mangrulkar

Lecture #21: HTTPS , SSL & TLS

Dr. Ramchandra Mangrulkar

Cryptography

TanviGogri

Jun 15 privacy in the cloud at financial institutions at the object managemen...

Ulf Mattsson

Certificates and Web of Trust

Yousof Alsatom

International Refereed Journal of Engineering and Science (IRJES) is a leading international journal for publication of new ideas, the state of the art research results and fundamental advances in all aspects of Engineering and Science. IRJES is a open access, peer reviewed international journal with a primary objective to provide the academic community and industry for the submission of half of original research and applications

International Refereed Journal of Engineering and Science (IRJES)

irjes

Symantec SSL Explained

Symantec Website Security

Data security is a critical component for all businesses. Business data protection helps to secure customer details, financial information, survey data and other key business data which are key company assets. Many companies, including Sample Solutions, rely on the fact that data they have and work with is secure, encrypted and can not be breached. Losing the data in a natural catastrophe is one thing but losing it to a breach can lead to severe consequences. Not only do data breaches damage a company’s reputation and destroy consumer trust, breaching may also lead to lost business opportunities and financial consequences, along with disrupt safety and natural workflow.

Data Security Whitepaper

Sample Solutions

ExpressionEngine Conference: Rock Solid - Securing You Client's ExpressionEng...

David Dexter

CRYPTOCURRENCY: TRADING MARKET

IRJET Journal

Isaca atlanta - practical data security and privacy

Ulf Mattsson

Carrying out safe exploration short of the actual data of codes and trapdoors

Iaetsd Iaetsd

ttttttttttttt23

New York Metro ISSA - PCI DSS Compliance - Ulf Mattsson 2009

Ulf Mattsson

Communications Technologies

Sarah Jimenez

Introduction of an SSL Certificate

CheapSSLUSA

IS-Crypttools.pptx

V.V.Vanniaperumal College for Women

Introduction to SSL and How to Exploit & Secure

Brian Ritchie

PKI_in_Depth__TATT__Niza_Ben_Neji__TMGC

Nizar Ben Neji

Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data — how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers. The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value. This session will discuss Emerging Application and Data Protection for Multi-cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation. • Learn New Application and Data Protection Strategies • Learn Advancements in Machine Learning • Learn how to develop a roadmap for EU GDPR compliance • Learn Data-centric Security for Digital Business • Learn Where Data Security and Value of Data Meet in the Cloud • Learn Data Protection On-premises, and in Public and Private Clouds • Learn about Emerging Application and Data Protection for Multi-cloud • Learn about Emerging Data Privacy and Security for Cloud • Learn about New Enterprise Application and Data Security Challenges • Learn about Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation

ISSA Atlanta - Emerging application and data protection for multi cloud

Ulf Mattsson

Similar to SSL: What is it, How to do it, and Why you should care (20)

Lecture #22 : Web Privacy & Security Breach

Lecture #21: HTTPS , SSL & TLS

Cryptography

Jun 15 privacy in the cloud at financial institutions at the object managemen...

Certificates and Web of Trust

International Refereed Journal of Engineering and Science (IRJES)

Symantec SSL Explained

Data Security Whitepaper

ExpressionEngine Conference: Rock Solid - Securing You Client's ExpressionEng...

CRYPTOCURRENCY: TRADING MARKET

Isaca atlanta - practical data security and privacy

Carrying out safe exploration short of the actual data of codes and trapdoors

New York Metro ISSA - PCI DSS Compliance - Ulf Mattsson 2009

Communications Technologies

Introduction of an SSL Certificate

IS-Crypttools.pptx

Introduction to SSL and How to Exploit & Secure

PKI_in_Depth__TATT__Niza_Ben_Neji__TMGC

ISSA Atlanta - Emerging application and data protection for multi cloud

Recently uploaded

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

This presentation explores the impact of HTML injection attacks on web applications, detailing how attackers exploit vulnerabilities to inject malicious code into web pages. Learn about the potential consequences of such attacks and discover effective mitigation strategies to protect your web applications from HTML injection vulnerabilities. for more information visit https://bostoninstituteofanalytics.org/category/cyber-security-ethical-hacking/

HTML Injection Attacks: Impact and Mitigation Strategies

Boston Institute of Analytics

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Histor y of HAM Radio presentation slide

vu2urc

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

Tech Trends Report 2024 Future Today Institute.pdf

hans926745

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Advantages of Hiring UIUX Design Service Providers for Your Business

Pixlogix Infotech

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Developing An App To Navigate The Roads of Brazil

V3cube

Recently uploaded (20)

Powerful Google developer tools for immediate impact! (2023-24 C)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

HTML Injection Attacks: Impact and Mitigation Strategies

Axa Assurance Maroc - Insurer Innovation Award 2024

How to Troubleshoot Apps for the Modern Connected Worker

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Histor y of HAM Radio presentation slide

What Are The Drone Anti-jamming Systems Technology?

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Handwritten Text Recognition for manuscripts and early printed texts

Tech Trends Report 2024 Future Today Institute.pdf

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

[2024]Digital Global Overview Report 2024 Meltwater.pdf

A Domino Admins Adventures (Engage 2024)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Advantages of Hiring UIUX Design Service Providers for Your Business

How to Troubleshoot Apps for the Modern Connected Worker

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Developing An App To Navigate The Roads of Brazil

SSL: What is it, How to do it, and Why you should care

1. SSL: What it is, How to do it, & Why you should care WordCamp Chicago 2017

2. Hello! A bit about me… @jessicacgardner

3. 1. SSL: What it is

4. HTTP Review

6. HTTPS

7. The 3 main things ◎Authentication and Verification ◎Privacy/Data Encryption ◎Data Integrity

8. Jargon & Acronyms ◎SSL – Secure Socket Layer ◎TLS – Transport Layer Security ◎HTTPS – Hypertext Transfer Protocol Secure ◎PKI – Public Key Infrastructure ◎CA – Certificate Authority ◎CSR – Certificate Signing Request

9. Image: https://thenocman.com/ssl-certificates/

10.

11. Image: https://www.codeproject.com/Articles/326574/An-Introduction-to-Mutual-SSL-Authentication

12. 2. Why you should care

13. Who Needs It? ◎E-Commerce– PCI Compliance ◎Entertainment- DRM ◎Market Research ◎Productivity ◎Social Media ◎Education/Testing ◎Sensitive Form Data

14.

15.

16.

17. 3. How to do it

18. You’ll Need…

19. Certificate contents ◎Domain name (common name) ◎Public key ◎Owner of certificate (subject) ◎Issuer of certificate (CA) ◎Expiration data ◎Serial number

20. Types of Certificates ◎Domain Validation – CA checks right of applicant to use domain name ◎Organization Validation – CA does above + vets organization ◎Extended Validation – CA does above + thorough vetting of organization

21. Self-Signed vs Trusted CA ◎Self-Signed: generally used for testing. Offers encryption but not validation. Will give errors.

22. Trusted Certificate Authorities ◎Client (browser) checks certificate validity ◎OCSP request (Online Certificate Status Protocol) ◎CRL – Certificate Revocation List ○If revoked, client returns error ○If clear, communications proceed

23.

24.

25.

26. Let’s Encrypt (Yes, Let’s!) ◎Free, automated, open certificate ◎Non-profit Internet Security Research Group ◎Domain validation ◎No warranty ◎3-month expiry

27. ◎Update Site URL from http:// to https:// ◎Force http requests to https

28. Issues and Caveats ◎Moving a site ◎Cloud Proxy ◎Mixed/Unsecure content

29. Removing SSL ◎wp-config.php ◎.htaccess ◎Updating site URL (functions.php)

30.

31.

32. Thanks! Any questions? You can find me at: @jessicacgardner jessica@btwrx.com

33. Resources ◎SSL Server Test: https://www.ssllabs.com/ssltest/ ◎Why No Padlock? https://www.whynopadlock.com/ ◎CryptoReport https://cryptoreport.websecurity.symantec.com/ checker/

SSL: What is it, How to do it, and Why you should care

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to SSL: What is it, How to do it, and Why you should care

Similar to SSL: What is it, How to do it, and Why you should care (20)

Recently uploaded

Recently uploaded (20)

SSL: What is it, How to do it, and Why you should care