Build resilient systems at scale
May 27–29, 2015 • Santa Clara, CA

HTTPS in 2015

Eric Lawrence (Google)
1:45pm–2:25pm Thursday, 05/28/2015
Location: Ballroom GH
Tags: Security
Average rating: ****.
(4.58, 12 ratings)
Slides:   1-PPT    external link

Prerequisite Knowledge

A general understanding of web browsers and servers.


Anyone watching the news knows that securing your websites and services using HTTPS has never been more important.

In this talk, a former browser security program manager covers the best practices for using HTTPS today. Topics covered in this session include ciphers and hash algorithms, forward secrecy, handshakes and protocols, and new browser features like HSTS and PKP. We’ll talk about exciting developments in 2015 that will make securing your site simpler than ever before, even as attackers get ever more sophisticated.

Explore how attackers circumvent HTTPS, and what you can do to help protect your visitors and keep customers safe from snoops and bad guys.

Secure all the things!

Photo of Eric Lawrence

Eric Lawrence


I’m passionate about building tools to help developers and testers build better web applications. I built the Fiddler Web Debugger and spent a dozen years at Microsoft working on the Office Online and Internet Explorer engineering teams.

You can read my content on Twitter @ericlaw and check out my Fiddler blog and IEInternals blog

Comments on this page are now closed.


Picture of Eric Lawrence
Eric Lawrence
05/28/2015 9:20am PDT
Picture of Eric Lawrence
Eric Lawrence
05/28/2015 9:19am PDT

Thanks for coming!

Slides should appear on this page at some point, but until then you can view them here:

Kevin Jones
05/28/2015 9:13am PDT

Can you provide the slide for your presentation? Thanks for the good talk.