HTTPS for developers

This page contains the resources for the talk titled "HTTPS for developers". A recording is available at the bottom.

Abstract

Have you heard about HTTPS? I'm sure you have, and I'm also sure that you are convinced of its usefulness (if not, we need to talk!). But the HTTPS ecosystem today is vastly different than a couple of years ago. Today, we need to defend against SSL stripping or the use of fraudulent certificates. Various technologies exist to combat these attacks. Think about Strict Transport Security, Certificate Transparency and Certificate Authority Authorization.

In this talk, we take a look at HTTPS from a developer's point of view. We are not going to talk about SSL, TLS, versions, and algorithms. Instead, we will look at how HTTPS impacts the application. We will see how merely deploying HTTPS is far from sufficient to secure an application. At the end of this session, you will have learned to look at your current HTTPS deployment differently. You will know which steps to take to bring it to the modern age.

About Philippe De Ryck

Philippe De Ryck is the founder of Pragmatic Web Security, where he travels the world to train developers on web security and security engineering. He holds a Ph.D. in web security from KU Leuven. Google recognizes Philippe as a Google Developer Expert for his knowledge of web security and security in Angular applications.