Welcome to the full schedule of the OWASP AppSec Research EU 2013 conference days. You’ll find the schedule for the training days at http://trainings2013.appsec.eu
Thursday, August 22 • 11:50am - 12:35pm
Recipes for enabling HTTPS

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Securely enabling HTTPS turns out to be tricky and time consuming. There is the considerable accidental complexity of web application and server configuration. Then there is lots of advice on what versions of SSL, TLS, which ciphers and modes to avoid, but precious little on how to do it right. No week seems to pass without something being added to the list of DON’Ts, as attacks continue to grow more sophisticated.
In this demo-packed presentation, we do give advice. Even better, we give it in the form of Puppet scripts, ideal for capturing and enforcing best practices across servers. This is the DevOps approach to enabling HTTPS. Participants learn how to set up HTTPS-enabled web servers with Puppet, how to review and adapt existing manifests according to specific needs and prevailing cryptographic advice, and how to incorporate third-party modules.
We discuss pain points in the configuration, show how Puppet helps with change management and demonstrate how to migrate an existing user base via HSTS.


Nelis Boucké

Nelis Boucké is a software engineer, consultant and entrepreneur. Nelis obtained a Ph.D. in Computer Science from the K.U.Leuven in 2009 and is Certified TOGAF 9 Professional. He has experience in both industry and research projects on software architecture for complex distributed... Read More →

Thomas Herlea

Thomas Herlea is an IT security consultant specialized in application security. He performs vulnerability assessments and consults on secure development with the Trasys Group. Previously, he was employed by Verizon Business. Thomas is an alumnus of the COSIC research group and an... Read More →
avatar for Yo Peeters

Yo Peeters

Johan Peeters is an independent software architect. He serves both large companies and SMEs and has addressed software development issues ranging from product definition to acceptance testing. He is the founder of secappdev.org... Read More →

Thursday August 22, 2013 11:50am - 12:35pm CEST