Tag Archive for: Certificate

Graduate Certificate Computer Security and Privacy


Who is the Computer Security and Privacy Certificate program for?

Drexel College of Computing & Informatics’ Post-Baccalaureate/Graduate Certificate in Computer Security and Privacy provides broad technical expertise in software security, network security and computer privacy. It includes introductory courses in security engineering and computer privacy that cover the technical fundamentals. Electives provide additional in-depth expertise in operating systems, computer networks and cryptography, which are essential bodies of knowledge for technical work in modern computer security. This program is designed to prepare working professionals to meet this demand by providing deep technical expertise in computer security and privacy.

This certificate can be combined with other certificates and/or courses to create the Master of Science degrees listed below.

Curriculum

IMPORTANT NOTE: Drexel operates on the quarter, not semester, system, offering classes during four 10-week terms throughout the year.

Please visit Drexel’s Course Catalog for a full description of each required and elective course for this program. You can also find a sample Plan of Study for the certificate.

Admissions Requirements

  • A completed application for the online format or on-campus format.
  • A four-year bachelor’s degree or Master’s degree from a regionally accredited institution in Computer Science, Software Engineering or related STEM degree plus work experience equal to Drexel’s Post-Baccalaureate Certificate in Computer Science Foundations.
  • A GPA of 3.0 or higher, in a completed degree program, bachelor’s degree or above.
  • Official final transcripts from ALL Colleges/Universities attended. Please note: For students who have attended an institution outside of the US, it is highly recommended to submit a NACES approved course-by-course transcript evaluation (i.e., WES) for expedited review of your application. This approved evaluation will take the place of the transcript requirement to complete your application.
  • Graduate Record Examination (GRE) Scores (must be five years old or less) are not required but recommended for international students and…

Understanding the Different Types of Certificate Authorities 


Establishing trust online is a crucial component of collaboration in the digital age. From using a third-party vendor to shopping online to communicating via email, companies and individuals rely on this trust to do business. How can they know they are communicating with the right person and not an actor behind a phishing scheme?

A certificate authority (CA) plays a vital role in making this happen. CAs follow strict industry standards, verify identities, and issue digital certificates. Here is your guide to what a CA is, why it matters, and the different types of CAs available today.

What Is a Certificate Authority (CA)?

Certificates establish that a system is who it says it is, but the party relying on a certificate must also be assured that the certificate itself is genuine. This is where trusted third parties come into play. Certificate authorities are independent bodies that issue and vouch for certificates.

As a vital component of the public key infrastructure (PKI), CAs create digital certificates that cryptographically link public keys with the owners’ identities. The CA is responsible for validating the identity of the entity associated with a given public key and issuing the digital certificates that attest to this identity. The CA follows specific protocols to verify the requester’s identity before issuing the certificate. These protocols involve checking official documentation or performing a background check.

CAs also have mechanisms for revoking certificates. Revocation happens when a key associated with a certificate is compromised or when the entity that was issued the certificate no longer exists.

Importance of Certificate Authorities

CAs play a crucial role in ensuring internet security. Certificates can secure digital signatures and establish secure network connections via protocols such as HTTPS. 

Here are some of the top reasons why CAs are critical in the digital world:

  • Establishing trust. CAs provide the foundation of trust on the internet. For example, when users connect to a website, their browser trusts the website if it has a valid certificate issued by a trusted CA. Without this mechanism, it’s hard to establish trust between two parties that have never interacted….

How To Manage Security Risks & Threats | Google Cybersecurity Certificate



Is Certificate Pinning Worth it?


In a word – yes; when implemented correctly, certificate pinning is an effective method for securing mobile application traffic by restricting the accepted certificates to just those you are willing to trust. In its most secure manifestation, this trust sits outside the standard TLS certificate store managed by the device.

We’ve written extensively on the topic of certificate pinning and at the end of this article you’ll find links to more in-depth articles as well as a handy free tool for auto-generating pinning configurations.

How does TLS protect the mobile channel?

TLS enables two parties to communicate securely using Public Key Infrastructure (PKI) and Certificate Authorities. With PKI, a mobile app can check the validity of the backend server using certificates issued through a trusted third party (the Certificate Authority). The device holds a list of trusted certificates in order to verify the identity of valid servers.

The API channel between mobile applications and their backend servers is an increasingly common attack vector due to the rapid growth in mobile app usage. TLS alone is not enough to protect this channel – the traffic can still be intercepted and manipulated.

If an attacker is able to modify the set of trusted device certificates, directly or via a device vulnerability, or to fraudulently obtain a trusted certificate for the target domain, then a man-in-the-middle (MitM) attack is still possible.

A MitM attacker can intercept the encrypted traffic and trick the mobile app into thinking it is communicating with a valid backend server. The attacker is then able to modify or manipulate the traffic and transmit it back along the encrypted channel to the backend service.

Figure: Approov diagram showing a man-in-the-middle attack.

What is certificate pinning and how does it prevent MitM attacks?

Certificate pinning replaces dependence on the device’s set of certificates with a set of certificates known and trusted by the app itself. For static pinning, the set of certificates trusted by the app (the pins) is distributed with the app itself. Updates to the permitted pins need to be distributed via a new version of the app.

However, given how slow end users can be to install updates, there is a risk that the app will no longer function…
