Pfeiffer Szilárd
Security Researcher & Evangelist
Cryptographic protocols
theoretical flaws
implementation flaws
Cryptographic primitives
theoretical flaws
implementation flaws
performance problems
political factors
Application layer protocols
Software
implementation flaws
configuration flaws
TLS
_ECDHE
_RSA
_AES_128_CBC
_SHA256
ECDHE-RSA-AES128-SHA256
SSL (2.0, 3.0)
TLS 1.2
early TLS (1.0, 1.1)
TLS 1.3
Forward Secrecy
ephemeral
static
Session Resumption
session id
session ticket
Diffie-Hellman
(DH)
Rivest-Shamir-Adleman
(RSA)
Elliptic-curve Diffie-Hellman
(ECDH)
Elliptic-curve
Diffie-Hellman Ephemeral
(ECDHE)
Diffie-Hellman Ephemeral
(DHE)
session resumption
(session id)
session resumption without server-side state
(session ticket)
static pre-shared-key
(PSK_KE)
ephemeral pre-shared-key
(PSK_DHE_KE)
anonymous
(NULL)
Rivest–Shamir–Adleman
(RSA)
Elliptic Curve
Digital Signature Algorithm
(ECDSA)
Digital Signature Algorithm
(DSA)
Edwards-Curve
Digital Signature Algorithm
(EdDSA)
Block ciphers
trustworthy
problematic
not used
Block cipher modes
Stream ciphers
Block Size of 64 bits
(DES, 3DES, GOST, IDEA, RC2)
Advanced Encryption Standard
(AES128, AES256)
CBC mode only
(SEED)
Far East
(ARIA, Camellia)
Cipher Block Chaining
(CBC)
Galois/Counter Mode
(GCM)
Counter with CBC-MAC
(CCM/CCM-8)
Rivest Cipher 4
(ARCFOUR/RC4)
ChaCha
(ChaCha20)
PayPal
F5
Citrix
Cisco
Palo Alto Networks
Symantec
FortiNet
top 100,000: 1.1%
top 1,000,000: 0.5%
eBay
Nasdaq
Banco Mercantil
Union Bank
Ziraat Bank
Match
Walmart
Citrix
top 1M websites: 25%
all websites: 33%
Yahoo
Alibaba
Flickr
Samsung
NBA
Asus
Banggood
Apache
top 1M websites: 8.4%
all websites: 3.4%
SMTP servers: 14.8%
POP3S servers: 8.9%
IMAPS servers: 8.4%
14,000,000 sites: 36.7%
U.S.A. sites: 35%
US government servers
MAC típusok
hash alapú MAC
univerzális MAC
MAC algoritmusok
Message-Digest Algorithm 5
(MD5)
Poly1305
(POLY1305)
Secure Hash Algorithm 2
(SHA256, SHA384)
Secure Hash Algorithm 1
(SHA-1)
Automatic Redirection to HTTPS
Security Headers
Automatic Redirect to HTTPS
Defense against
Clickjacking
Content Injection Attacks
Cross-site scripting
setenv.add-response-header=("Strict-Transport-Security"=>"Value")
add_header Strict-Transport-Security 'Value' always;
Header always set Strict-Transport-Security "Value"
max-age=63072000; includeSubDomains; preload
setenv.add-response-header=("X-Frame-Options"=>"Value")
add_header X-Frame-Options "Value" always;
Header always set X-Frame-Options "Value"
deny/sameorigin
setenv.add-response-header=("X-XSS-Protection"=>"Value")
add_header X-XSS-Protection "Value" always;
Header always set X-XSS-Protection "Value"
X-XSS-Protection: 1; mode=block
setenv.add-response-header=("Feature-Policy"=>"Value")
add_header Feature-Policy "Value" always;
Header always set Feature-Policy "Value"
microphone 'none';
geolocation *;
payment 'self';
...
setenv.add-response-header=("Content-Security-Policy"=>"Value")
add_header Content-Security-Policy "Value" always;
Header always set Content-Security-Policy "Value"
default-src https://same.domain:443
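As an added example that is not part of the deck, an offline checker in the spirit of the "Checkers" slide: it evaluates a response's Strict-Transport-Security, X-Frame-Options and Content-Security-Policy headers against the values listed above. The one-year max-age threshold and the sample responses are assumptions.

```python
# Added example (not from the slides): offline security-header checker.
# HSTS_MIN_AGE and the sample responses are assumptions, not from the deck.
from __future__ import annotations

HSTS_MIN_AGE = 31536000  # assumption: one year, the usual preload-list minimum


def parse_hsts(value: str) -> dict:
    """Split a Strict-Transport-Security value into its directives."""
    out = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.lower()  # directive names are case-insensitive
        if name == "max-age" and arg.strip('"').isdigit():
            out["max_age"] = int(arg.strip('"'))
        elif name == "includesubdomains":
            out["include_subdomains"] = True
        elif name == "preload":
            out["preload"] = True
    return out


def check_headers(headers: dict) -> list[str]:
    """Return findings for a response's headers; an empty list means all passed."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing")
    else:
        p = parse_hsts(hsts)
        if p["max_age"] is None or p["max_age"] < HSTS_MIN_AGE:
            findings.append("HSTS max-age too short or missing")
        if not p["include_subdomains"]:
            findings.append("HSTS without includeSubDomains")
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo not in ("DENY", "SAMEORIGIN"):  # the two values the slide allows
        findings.append("X-Frame-Options not deny/sameorigin")
    csp = h.get("content-security-policy", "")
    if "default-src" not in csp.lower():
        findings.append("CSP missing default-src")
    return findings


# Constructed sample responses mirroring the slide's values (GOOD) and a weak setup.
GOOD = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "X-Frame-Options": "deny",
    "Content-Security-Policy": "default-src https://same.domain:443",
}
WEAK = {"Strict-Transport-Security": "max-age=300", "X-Frame-Options": "ALLOW-FROM https://x"}
```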
Configuration
Updates
Snippet
Generators
Checkers
Online
Offline
Transport Layer Security
Secure Shell
Security headers