High Performance, Low Cost, and Strong Security: Pick Any Three

Chris Palmer (iSEC Partners)
Security
Location: 2010
Average rating: ***..
(3.00, 2 ratings)

HTTPS is a baseline prerequisite for a secure web application. By measuring bytes on the wire and microseconds elapsed, we can see the exact performance effect of HTTPS vs HTTP. In doing so, we may discover that optimizing other aspects of the application improves latency and throughput more than turning off HTTPS does. We present free tools to help you measure your application.

Many factors affect objective and subjective site performance, including:

  • the size and number of media elements on a page
  • the number of distinct hosts media elements are served from
  • back-end efficiency (database connections used, amount of data retrieved from database)
  • web server configuration (pipelining? TLS session resumption? HTTP 1.1 keepalive? et c.)
  • efficiency/complexity of client-side JavaScript code (especially for complex AJAX applications)

The cost of TLS/SSL is often misunderstood:

  • by using HTTP 1.1, we can transfer multiple media elements over the same connection, amortizing the setup cost of TLS
  • by using SSL session resumption, we can amortize the cost of the public key operations
  • whatever the cost of symmetric cryptography, it’s half what it was 18 months ago…

Optimizing these other factors can save you money, improve the user experience, and make the use of HTTPS the least of your performance concerns—in turn, enabling application security. Measurement allows us to identify performance problems, helping us provide a safe and responsive experience for our users.

Chris Palmer

iSEC Partners

Chris Palmer is a senior security consultant with iSEC Partners, a strategic digital security company. Prior to iSEC, Chris worked for the Electronic Frontier Foundation where he provided technical management and analysis of several key EFF projects and provided technical advice to EFF (and other) lawyers. Prior to the EFF, Chris built web applications.

  • 3Tera, Inc
  • Ascentium
  • Awareness
  • HiveLive, Inc.
  • ImageSpan
  • Jive Software
  • Juniper Networks
  • Kapow Technologies
  • Keynote Systems
  • LithiumTechnologies
  • Nokia
  • nomee
  • Qtask
  • Rackspace Hosting
  • Remy
  • TamTamy
  • Vignette
  • Yola (fka SynthaSite)
  • Znak
Sponsors
  • IBM
  • eBay
  • Microsoft Corporation
  • Salesforce.com
  • Adobe Systems, Inc.
  • EffectiveUI
  • Germany Trade & Invest
  • NeuStar
  • ONEsite

Sponsor & Exhibitor Opportunities

Natalia Dugandzic
415-947-6709
ndugandzic@techweb.com

Media Sponsor Opportunities

Matthew Balthazor
949-223-3628
mbalthazor@techweb.com

Speaker / Program Ideas

Have a suggestion for a speaker or topic at Web 2.0 Expo San Francisco? Send an email to: sf-idea@web2expo.com

Press/Media Inquiries

Maureen Jennings
707-827-7083
maureen@oreilly.com

or

Natalia Wodecki
415-947-6762
nwodecki@techweb.com

Contact Us

View a complete list of Web 2.0 Expo contacts.