Presentation: Secure HTTP usage
How hard can it be?
Protecting the privacy of our users and the security and integrity of their systems requires transport encryption and authentication for any network communication. HTTP over TLS (HTTPS) is probably the most widespread protocol stack for this. What do we need to look out for when using it in our applications?
In this talk we will look at how to implement secure network communication in libraries and applications, using the facilities available in Qt (QNetworkAccessManager, QSslSocket) and KDE Frameworks (KIO, KTcpSocket). Unfortunately, both come with their own pitfalls and limitations one needs to be aware of.
Besides successfully establishing secure connections, we will cover handling and testing of TLS error scenarios, as well as how to apply additional security mechanisms like HTTP Strict Transport Security (HSTS).
Knowing how to implement and use this correctly, however, only solves part of the problem. We will therefore also look at ways to identify insecure network operations in an existing code base.