Secure Socket Layer

Course:  SSL1
Duration:  1 Day
Level:  I
Course Summary

This course will introduce modern web security, with a focus on HTTPS and the Secure Socket Layer (SSL) standard. In the age of the modern web application, security has to be taken very seriously. Applications written to work without an eye for security - storing information in cookies and plain-text HTTP - can leak sensitive user information and cause enormous business risk.

This is a deep, one-day introduction intended to get IT managers and analysts from a basic understanding of cryptography to a complete understanding of security in the modern web stack. The instructor has over a decade of experience working on with web application design and development. We will use examples from real life to illustrate the instruction.

« Hide The Details
Topics Covered In This Course

Introduction to Cryptography

  • What is Cryptography
  • Underlying Theory: Discrete Math
  • Use Cases and Benefits
  • History of Cryptography Algorithms
  • Illustration of weak encryption basic ciphers
  • Illustration of encrypting messages with PGP
  • Context in Web Security

Public Key Encryption

  • Symmetric Key Algorithms
  • Asymmetric Key Algorithms
  • Block vs. Stream Ciphers
  • Evaluating strength of an algorithm
  • Need for Public Key Infrastructure
  • The concept of a Certificate Authority
  • Alternative: Web of Trust
  • Modern Certificate Authorities

Encryption Algorithms

  • ROT13, for illustration
  • DES / AES
  • MD5
  • SHA-1 / SHA-256
  • HMAC-*
  • DSA / RSA
  • Java code example for RSA

SSL / TLS

  • SSL 3.0
  • TLS 1.0 / 1.1
  • TLS 1.2
  • Stepping through a TLS Handshake
  • Error Conditions
  • Code illustrating SSL/TLS in practice
  • Modern usability problems surrounding web security
What You Can Expect

At the end of this course, attendees will:

  • Understand the need for web security, and the different techniques available secure web applications
  • Learn the basics of modern cryptography, including encryption algorithms, public key infrastructure, hashing, and the underlying theory from discrete mathematics
  • Gain knowledge of protocol-level security mechanisms, attack vectors, and best practices, with a focus on HTTPS and SSL.
Who Should Take This Course

Aimed at analysts, developers, and engineers. Web security will be described in a language-independent way, but examples will be used from Java to illustrate concepts in practice.

Recommended Prerequisites

Basic background in programming with a mainstream programming language will be helpful but is not necessary.

Training Style

Short instruction sections will be separated by 30m labs, featuring hands-on examples.

« Hide The Details

Every student attending a Verhoef Training class will receive a certificate good for $100 toward their next public class taken within a year.

You can also buy "Verhoef Vouchers" to get a discounted rate for a single student in any of our public or web-based classes. Contact your account manager or our sales office for details.

Schedule For This Course
There are currently no public sessions scheduled for this course. We can schedule a private class for your organization just a couple of weeks from now. Or we can let you know the next time we do schedule a public session.
Notify me the next time this course is confirmed!
Can't find the course you want?
Call us at 800.533.3893, or
email us at [email protected]