Hardening HTTPS and SSH :: Rochester Security Summit

Hardening HTTPS and SSH

Presented by Joe Testa

We will talk about the inner workings of the TLS and SSH protocols and the security properties they offer. Attacks against the TLS protocol versions will be analyzed, along with weak cipher suites and other options. Similarly, attacks on SSH and various common cryptographic settings will be discussed. Free and open-source tools for auditing TLS and SSH services will be demonstrated. Hardening techniques for achieving optimal security settings for both protocols will be covered in detail.

Joe Testa

As a seasoned security consultant, Testa brings over 15 years of experience to the business. He specializes in penetration testing, server & network hardening, source code auditing, and social engineering. A strong supporter of open-source technology, he is the author and maintainer of the Rainbow Crackalack, SSH-MITM, and Bitclamp projects.

Prior to founding Positron Security, Testa excelled as a security researcher and vulnerability test programmer for Rapid7. He holds a Master of Science degree in Computer Security and Information Assurance from the Rochester Institute of Technology, along with a Bachelor of Science degree in Psychology and Computer Science from the University of Maryland at College Park.