How to Stop Man-in-the-Middle and Downgrade Attacks in Your Apps

Securing communications over untrusted networks is a critical element of security for any modern application. In this course, you will learn how to simulate man-in-the-middle attacks to test for these problems, and learn how to prevent them.
Course info
Rating
(17)
Level
Intermediate
Updated
Aug 17, 2016
Duration
2h 27m
Description

While securing communications over untrusted networks is one of the cornerstones of application security, far too often developers and operations personnel get tripped up by the many pitfalls of implementation, often resulting in a complete failure to protect data on the wire. In this course, you'll learn the techniques adversaries use to gain access to other users' communications, and the strategies that prevent them. The course covers specific topics ranging from the SSL/TLS certificate authority system to secure web session management and mobile communications security. You'll also learn how to conduct simulated man-in-the-middle attacks to empirically test SSL/TLS certificate validation in realistic scenarios. By the end of this course, you'll have a thorough understanding of the techniques that prevent interception and make applications more secure.
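Two of the checks the description refers to, written here as an added example that is not code from the course or from the author's tooling: a client TLS context that validates the certificate chain and hostname, beside the settings that quietly disable that validation, and an HTTP response audit for the session-hijack and downgrade conditions (a session cookie sent without Secure/HttpOnly, and no Strict-Transport-Security header to stop an SSL-stripping downgrade). The function names, the session cookie name list and the sample headers are assumptions constructed for this example; everything runs offline.

```python
"""Added example, not code from the course: offline checks for two of the
weakness classes the course description covers.

1. strict_tls_context() builds a client TLS context that fails closed when
   the server certificate or hostname does not verify; audit_tls_context()
   flags the settings that silently disable that validation, which is what
   lets a man-in-the-middle present any certificate it likes.
2. audit_response_headers() checks an HTTP response for the cookie-hijack
   and downgrade conditions: a session cookie sent without Secure/HttpOnly,
   and no Strict-Transport-Security header to block an SSL-stripping
   downgrade to plain http://.

Function names, SESSION_COOKIE_NAMES and the sample headers are assumptions
constructed for this example.
"""
from __future__ import annotations

import ssl
from http.cookies import SimpleCookie

# Assumed list of cookie names that carry a login session.
SESSION_COOKIE_NAMES = ("sessionid", "jsessionid", "phpsessid", "asp.net_sessionid")


def strict_tls_context() -> ssl.SSLContext:
    """Client context that rejects unverifiable certs, wrong hostnames and legacy TLS."""
    ctx = ssl.create_default_context()              # trusts the platform CA store
    ctx.check_hostname = True                       # cert must be issued for the host we dial
    ctx.verify_mode = ssl.CERT_REQUIRED             # unverifiable chain => handshake fails
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2    # refuse TLS 1.0/1.1 and SSLv3
    return ctx


def insecure_tls_context() -> ssl.SSLContext:
    """The usual 'it worked in dev' mistake: certificate validation switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE     # any cert, self-signed or attacker-issued, is accepted
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the settings in ctx that would let an interceptor succeed."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("verify_mode=CERT_NONE: the server certificate is never validated")
    if not ctx.check_hostname:
        findings.append("check_hostname=False: a valid certificate for any other name is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version below TLS 1.2: downgrade to legacy protocol versions possible")
    return findings


def audit_response_headers(headers: list[tuple[str, str]]) -> list[str]:
    """Flag missing HSTS and session cookies that a network attacker could capture."""
    findings = []
    if not any(name.lower() == "strict-transport-security" for name, _ in headers):
        findings.append("no Strict-Transport-Security: an SSL-stripping downgrade to "
                        "http:// succeeds on the user's next visit")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)                          # parses name=value plus its attributes
        for cookie_name, morsel in jar.items():
            if cookie_name.lower() not in SESSION_COOKIE_NAMES:
                continue
            if not morsel["secure"]:
                findings.append(f"session cookie {cookie_name} lacks Secure: the browser "
                                "also sends it over plain HTTP, where it can be read")
            if not morsel["httponly"]:
                findings.append(f"session cookie {cookie_name} lacks HttpOnly: readable "
                                "by injected script")
    return findings


# Constructed sample responses, in the shape the course's cookie-hijack
# scenario describes: an HTTPS response with no HSTS and a session cookie
# without the Secure attribute, beside the hardened version.
WEAK_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "sessionid=3f9c1a7b2e; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),
]
HARDENED_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "sessionid=3f9c1a7b2e; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, ctx in (("strict", strict_tls_context()), ("insecure", insecure_tls_context())):
        print(f"TLS context [{label}]:", audit_tls_context(ctx) or ["ok"])
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(f"Response [{label}]:", audit_response_headers(hdrs) or ["ok"])
```

The TLS audit only inspects the context object, so it can run against whatever context a client library hands you before any connection is made; the header audit takes the raw header list as a proxy or test client would capture it, which is the same view a man-in-the-middle has.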

About the author

As an application security consultant and vulnerability researcher, Tim has been taking deep technical dives in security for over a decade. His current research interests include applied cryptanalysis, XML external entity attacks, and network timing attacks. Tim maintains several open source forensics tools in addition to Bletchley, an application cryptanalysis toolkit.

Section Introduction Transcripts

Course Overview
Hi everyone, my name is Tim Morgan and welcome to my course - How to Stop Man-in-the-Middle and Downgrade Attacks in Your Apps. I'm an application security researcher at Blind Spot Security. I have worked for over 10 years as a security consultant where I test the security of networks and applications. Did you know that every time you connect to a network there are potentially dozens, if not hundreds, of other computers that have the ability to intercept and modify your communications? Did you know that even if your web application uses SSL it may be vulnerable to man-in-the-middle attacks that hijack user login sessions? In this course we are going to learn how to simulate man-in-the-middle attacks to test the security of our own applications, whether they be web applications, mobile applications, or really any application that needs to communicate over a network. Some of the major topics that we will cover include man-in-the-middle attacks and how they work, how to test your own application's certificate validation, protocol downgrade attacks and why many web applications are vulnerable, and man-in-the-middle attacks that hijack HTTP cookies. By the end of this course you'll better understand the risk of network attacks, how to defend against them, and how to validate that your applications implement these defenses correctly. Before beginning the course, you should have a basic understanding of how web applications work and how HTTP is transmitted over SSL to form HTTPS. I hope you'll join me on this journey to learn this critical element of application security with my Pluralsight course - How to Stop Man-in-the-Middle and Downgrade Attacks in Your Apps.