Welcome to the full schedule of the OWASP AppSec Research EU 2013 conference days. You’ll find the schedule for the training days at http://trainings2013.appsec.eu
Thursday, August 22 • 11:50am - 12:35pm
Recipes for enabling HTTPS


Securely enabling HTTPS turns out to be tricky and time-consuming. There is the considerable accidental complexity of web application and server configuration. Then there is plenty of advice on which versions of SSL and TLS, and which ciphers and modes, to avoid, but precious little on how to do it right. No week seems to pass without something being added to the list of DON’Ts, as attacks continue to grow more sophisticated.
In this demo-packed presentation, we do give advice. Even better, we give it in the form of Puppet scripts, ideal for capturing and enforcing best practices across servers. This is the DevOps approach to enabling HTTPS. Participants learn how to set up HTTPS-enabled web servers with Puppet, how to review and adapt existing manifests according to specific needs and prevailing cryptographic advice, and how to incorporate third-party modules.
We discuss pain points in the configuration, show how Puppet helps with change management and demonstrate how to migrate an existing user base via HSTS.


Nelis Boucké

Nelis Boucké is a software engineer, consultant and entrepreneur. Nelis obtained a Ph.D. in Computer Science from the K.U.Leuven in 2009 and is Certified TOGAF 9 Professional. He has experience in both industry and research projects on software architecture for complex distributed systems. As co-founder of archiwise.com, he assists companies with improving their software using architectural, security, DevOps or agile techniques. He has...

Thomas Herlea

Thomas Herlea is an IT security consultant specialized in application security. He performs vulnerability assessments and consults on secure development with the Trasys Group. Previously, he was employed by Verizon Business. Thomas is an alumnus of the COSIC research group and an active member of OWASP and ISSA-BE. Thomas taught at COSIC for several years, is on the SecAppDev faculty and provides in-house software security courses...

Johan Peeters

Johan Peeters is an independent software architect. He serves both large companies and SMEs and has addressed software development issues ranging from product definition to acceptance testing. He is the founder of secappdev.org. Johan has spoken and led practical workshops at several international conferences, including XPDays, SPA, and OWASP and AgileAlliance events.

Thursday August 22, 2013 11:50am - 12:35pm