Inspired by great technologies and projects as HSTS, The SSL Observatory, and HTTPS Everywhere and the repeated attempts to convince companies to just use HTTPS, this talk will be an overview and analysis of how HTTPS is used by the top websites on the internet. Which companies care about security enough to encrypt your traffic? Do companies actually support the insecure ciphersuites? What is HSTS and what percentage of sites actually use it? These questions and more will be addressed, plus there'll be plenty of charts to geek out on.
Tom Samstag is a Security Engineer at Security Innovation in Seattle, performing penetration testing and security code review. Passionate about security research for many years, he made the move professionally to security from video game development last year. He is also a dedicated member of the Neg9 CTF team. A C programmer at heart, his interests tend to gravitate towards reverse engineering, exploitation, static analysis, and other bit-fu aspects of software and security.