A cornerstone of application security is securing communications over untrusted networks. In this course, students learn how adversaries can gain access to other users' communications through a variety of techniques, and how to prevent such access. The course covers specific topics ranging from the SSL/TLS certificate authority system to secure web session management and mobile communications security. Through realistic scenarios, students learn how to conduct simulated man-in-the-middle attacks to empirically test SSL/TLS certificate validation. Upon completion, students will have a thorough understanding of techniques to prevent interception and make applications more secure.
Learning Objectives
- Overview and PKI Crash Course
- Certificate Validation Testing
- A Short History of SSL/TLS Protocol Flaws
- Web-oriented Man-in-the-Middle Attacks
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Exploitation Analysis
- Software Development
- Vulnerability Assessment and Management