Web Security

Demystifying TLS, HTTPS and Modern Browser Security Capabilities

The Web is over 20 years old now, and there's a lot of legacy security which doesn't measure up to today's requirements. In 1995, Netscape Navigator launched with SSL version 2 to help secure essential ecommerce transactions over an untrusted Internet, and today some organisations still leave the now-vulnerable 1995-era security enabled.

This one-day instructor-led course, by one of the very early adopters of Web technologies in Australia, dives deep enough into Web security to guide you to good configuration (but avoids the complex algorithms!). It is an approachable way to understand and help secure Web workloads.

At the end of this day you'll be armed with enough knowledge to help protect your organisation's workloads — both internally and externally facing.

Krack Attacks: WPA2 vulnerability discovered by Mathy Vanhoef of imec-DistriNet, KU Leuven

By learning how to secure your public-facing services, you'll also see how to secure your private or internal-facing services, which can help protect against internal eavesdropping, injection, or other mischief. This is especially important if you have wireless "internal" networks, which suffered the Krack vulnerability against WiFi WPA2 in 2017.

The last few years have seen a number of high profile vulnerabilities found, and we'll look at ways to limit them:

This course is offered at our centrally designated location, or can be delivered privately at your location with a minimum quota of 6 participants (outside of Australia will incur travel & expenses costs).

At a glance
  • Format: Instructor-led, in-room
  • Duration: 1 day
  • Topic: Web Security
  • Cost: AU$1,000 per person ex GST, in Australia† (2019: AU$1,100)
  • Cost: UK£1,000 per person ex VAT, in UK†
  • Note: bookings close 7 calendar days before session commences

† Enquiries welcomed worldwide.


What we'll cover

The intent of this course is to give participants the confidence to recognise correct and incorrect configuration of in-flight encryption, and to understand how the modern Web browser can help limit the scope of damage done by the third-party content a site depends on. To that end, we'll discuss:

  • History of the Web
  • Certificate Authorities
    • Public Certificate Authorities and what they do
    • Private Certificate Authorities and why you would have one
    • Chains of trust
    • Revocation
    • Transparency
  • Encryption in Flight
    • TLS Protocols
    • Key Exchange
    • Bulk Ciphers
    • Digests
    • Forward Secrecy
  • Web Browser Security
  • Tools
    • Online tools to help investigate configuration
    • Browser based tools
    • Offline tools
  • Tuning Server Side Encryption
  • Tuning Client Side Encryption
  • TLS Servers — other than HTTP (not just the Web)
  • Industry Changes and News

Who should attend.

The content of this course is aimed at a broad cross-section of folk with operational responsibility for securing workloads, even if they don't realise it! Roles such as:

  • System Administrators
  • Web Application Architects
  • Support Engineers
  • Security Architects
  • DevOps Engineers

What you should already know.

We recommend basic operational familiarity with Web Browsers and Web Servers. A touch of HTML, a peek at what Cascading Style Sheets (CSS) are, passing awareness of JavaScript, knowing what DNS is, and possibly even having made an HTTP request using Telnet in the past! If you can do any of these, then we'll take you on a journey to understand how so many organisations mis-configure their services.

How you'll get this.

This content is delivered through a combination of personal instructor-led training, and practical lab work. We keep our group small to allow as much interaction as possible.

The practical work is designed to give you the capability to execute on the knowledge learnt. Participants will require a laptop and a current version of the Chrome and/or Firefox browsers.

More info.

How long is this course?
The Web Security course is delivered over 1 day.
What equipment do I need to bring?
Please bring your laptop to perform the exercises and look up reference material. It must support a WiFi connection and/or an Ethernet cable. You should have a modern Web Browser (recent editions of Internet Explorer, Chrome, Firefox). Having local administrator privileges may also be useful for setting up network access.
Is lunch included?
Yes, lunch and snacks are included; please let us know at booking time if you have any allergies or special requirements.
How do I register?
Check our list of currently scheduled courses and hit the book button to process via TryBooking.com.
How do I express interest for your courses in my city?
Please let us know and we'll consider scheduling sessions there!
Can I cancel my registration or change who attends?
Probably; see our policy here.
I have another question!
Great — please contact us.