Web Security Training
Navigating the web security landscape
I hope you enjoyed the training course at the OWASP Benelux Days 2016. This page offers you further reading material and links to useful resources. If you want to receive a bi-weekly web security update and be notified of upcoming events, I highly recommend subscribing to our mailing list using the button below.
The following resources go deeper into the topics we covered during the course.
An explanation of how the SSL server test comes to its score
An overview of SSL/TLS Deployment Best Practices
The free OpenSSL cookbook containing lots of practical details about configuring TLS
Moxie Marlinspike's entertaining talk on Authenticity in TLS
A blog post about potential abuses of HSTS and HPKP
The account of Wired's upgrade to HTTPS, Part 1, Part 2, and the final report
The 'Black Tulip' report on the compromise of DigiNotar
The OWASP SSL/TLS scanning project DeepViolet which Sytze talked about
Below, you will find a few pointers to useful information if you're deploying TLS or HTTPS in practice.
A detailed explanation of what happens during the initialisation of an HTTPS connection
Mozilla's operational guide to TLS
A guide on decrypting TLS traffic in Wireshark
A detailed account of setting up Certificate Transparency with a TLS Extension