A programmer's guide to secure connections
Beyond looking out for a little green padlock in the browser bar, what do you need to know about secure connections as a programmer? What do people mean by terms like authentication, verifying a certificate, or signing a message? Join Liz Rice as she demystifies HTTPS, TLS, X.509, and more.
| Talk Title | A programmer's guide to secure connections |
| Speakers | Liz Rice (Aqua Security) |
| Conference | Velocity |
| Conf Tag | Build resilient systems at scale |
| Location | New York, New York |
| Date | September 20-22, 2016 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
All too often we read stories about systems being compromised because an administrative interface was left open and unsecured or because access keys were inadvertently made public. You probably know that HTTPS is “secure”; you may well have experience creating certificate signing requests or using public/private key pairs. But many of us follow the instructions without worrying too much about what’s going on. The next thing you know, you have directories full of mysterious .pem, .csr and .key files, and only the loosest grasp of what they’re there for. Liz Rice explains what’s going on, as she investigates the constituent parts of a certificate and shows how it identifies its owner, details how a secure connection is set up, and discusses why you might need to revoke or rotate certificates along with the implications of those decisions. This isn’t a talk about cryptography; it’s a practical guide to what is happening under the covers when applications or users need to identify themselves or need a secure channel for communications. You’ll leave with the confidence to use secure connections within your own code and configure the security settings on the tools you use every day.
