Managing Partner, David M. Zendzian, will be giving a short presentation on SSL/TLS protocol, security and configuration issues on Brighttalk tomorrow at 12 EST.
SSL is a well designed protocol to ensure communications between two points are secured and that 3rd parties are not able to view the protected communications. As such many applications have come to rely on SSL to protect many protocols and services. However due to incorrect deployments, misconfiguration, blind trust or simple human error many attackers are able to insert themselves into this trusted SSL communication capturing data, authentication information and established sessions.
This presentation will overview the most common misconfiguration and assumptions used on internal and external deployments of SSL and discuss how I have designed and deployed solutions to mitigate this risk.