As a security professional, you are on constant alert for external threats. However, today’s dynamic and complex infrastructure is causing many internal breaches due to incorrect configuration of IT resources, including SSL. To help improve how encryption is used, Qualys created a research project called SSL Labs to address two major problems within the security ecosystem: lack of tools and documentation.

Watch our two-part series to discover how you can detect and address unsafe SSL configurations.


Part 1: Detecting and Addressing Unsafe SSL Configurations

In part 1 of this session you'll discover more about the current state of SSL encryption and how major problems are being addressed. Don’t miss this important SSL update featuring the resources and key steps you need to take to improve security. Learn more about:


  • Addressing the FREAK and POODLE vulnerabilities — including the impact and how to take action, even for the lesser-known POODLE TLS
  • Status of the Heartbleed software defect — how prevalent is this vulnerability today?
  • SHA1 Deprecation — and migration to SHA2
  • SSL Labs APIs and resources — including best practices for testing servers

Learn about the new features of Qualys SSL Labs, including free assessment APIs, accompanied by a free open source tool that can be used for bulk and automated testing of websites. These new enhancements provide the same results as those obtained manually on SSL Labs, while enabling security professionals managing several websites to consolidate testing, detect changes in results and receive notifications on certificate expiration.

Speakers: Wolfgang Kandek, CTO, Qualys
Jonathan Trull, CISO, Qualys
Ivan Ristić, Director of Application Security Research, Qualys


Part 2: Live Q&A Session: Detecting and Addressing Unsafe SSL Configurations

Following the success of the original SSL webcast, “Detecting & Addressing Unsafe SSL Configurations”, part 2 addresses the questions asked by our audience during the initial session. Watch Wolfgang Kandek, CTO at Qualys, and Ivan Ristić, Author and Director of Application Security Research at Qualys, delve into more detail about the real-world issues being faced by our audience today.

Speakers: Wolfgang Kandek, CTO, Qualys
Ivan Ristić, Director of Application Security Research, Qualys




About the Speakers


Ivan Ristić is a security researcher, engineer, and author, known especially for his contributions to the web application firewall field and development of ModSecurity, an open source web application firewall, and for his SSL/TLS and PKI research, tools and guides published on the SSL Labs web site. He is the author of two books, Apache Security and ModSecurity Handbook, which he publishes via Feisty Duck, his own platform for continuous writing and publishing. Ivan is an active participant in the security community and you'll often find him speaking at security conferences such as Black Hat, RSA, OWASP AppSec, and others. He's currently Director of Application Security Research at Qualys.





Wolfgang Kandek is the CTO for Qualys, where he is responsible for product direction and all operational aspects of the QualysGuard platform and its infrastructure. Wolfgang has over 20 years of experience in developing and managing information systems. His focus has been on Unix-based server architectures and application delivery through the Internet. Prior to joining Qualys, Wolfgang was Director of Network Operations at the online music streaming company myplay.com and at iSyndicate, an Internet media syndication company. Earlier in his career, Wolfgang held a variety of technical positions at EDS, MCI and IBM. Wolfgang earned master's and bachelor's degrees in computer science from the Technical University of Darmstadt, Germany. Wolfgang is a frequent speaker at security events and forums including Black Hat, RSA Conference, InfoSecurity UK and The Open Group. Wolfgang is the main contributor to the Laws of Vulnerabilities blog.



Jonathan Trull is the CISO at Qualys. In this role, he is responsible for working with Qualys’ growing customer base to develop and share security best practices, researching real-world threats and collaborating on how to address them. Before joining Qualys, Jonathan was the CISO for the State of Colorado, where he oversaw the information security operations for 17 executive branch departments, encompassing approximately 26,000 employees and 150,000 systems. In cooperation with federal and state partners, Jonathan formed the State’s first Cyber Crime Task Force, which is charged with conducting criminal investigations into computer crimes, developing and sharing cyber intelligence, and working with local government and private sector partners to increase cyber resiliency. Jonathan is a Certified Information Systems Auditor, Offensive Security Certified Professional, and holds a master’s degree from the University of North Texas. He is a frequent speaker at security events such as RSA and Gartner and was recently named by the SANS Institute as one of the 2013 People Who Made a Difference in Cyber Security. Jonathan also serves his country as a cyber warrior in the U.S. Navy Reserves.