
Ivan Ristic - Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications


  • Book:
    Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications
  • Author:
    Ivan Ristic
  • Publisher:
    Feisty Duck
  • Year:
    2014

Description

Bulletproof SSL and TLS is a complete guide to using SSL and TLS encryption to deploy secure servers and web applications. Written by Ivan Ristic, the author of the popular SSL Labs web site, this book will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks.
In this book, you'll find just the right mix of theory, protocol detail, vulnerability and weakness information, and deployment advice to get your job done:
  • Comprehensive coverage of the ever-changing field of SSL/TLS and Internet PKI, with updates to the digital version
  • For IT security professionals, help to understand the risks
  • For system administrators, help to deploy systems securely
  • For developers, help to design and implement secure web applications
  • Practical and concise, with added depth when details are relevant
  • Introduction to cryptography and the latest TLS protocol version
  • Discussion of weaknesses at every level, covering implementation issues, HTTP and browser problems, and protocol vulnerabilities
  • Coverage of the latest attacks, such as BEAST, CRIME, BREACH, Lucky 13, RC4 biases, Triple Handshake Attack, and Heartbleed
  • Thorough deployment advice, including advanced technologies, such as Strict Transport Security, Content Security Policy, and pinning
  • Guide to using OpenSSL to generate keys and certificates and to create and run a private certification authority
  • Guide to using OpenSSL to test servers for vulnerabilities
  • Practical advice for secure server configuration using Apache httpd, IIS, Java, Nginx, Microsoft Windows, and Tomcat
This book is available in paperback and a variety of digital formats without DRM. Digital version of Bulletproof SSL and TLS can be obtained directly from the author, at feistyduck.com.


Preface

You are about to undertake a journey into the mysterious world of cryptography. I've just completed mine (writing this book) and it's been an amazing experience. Although I'd been a user of SSL since its beginnings, I developed a deep interest in it around 2004, when I started to work on my first book, Apache Security. About five years later, in 2009, I was looking for something new to do; I decided to spend more time on SSL, and I've been focusing on it ever since. The result is this book.

My main reason to go back to SSL was the thought that I could improve things. I saw an important technology hampered by a lack of tools and documentation. Cryptography is a fascinating subject: it's a field in which when you know more, you actually know less. Or, in other words, the more you know, the more you discover how much you don't know. I can't count how many times I've had the experience of reaching a new level of understanding of a complex topic only to have yet another layer of complexity open up to me; that's what makes the subject amazing.

I spent about two years writing this book. At first, I thought I'd be able to spread the effort so that I wouldn't have to dedicate my life to it, but that wouldn't work. At some point, I realized that things are changing so quickly that I constantly need to go back and rewrite the finished chapters. Towards the end, about six months ago, I started to spend every spare moment writing to keep up.

I wrote this book to save you time. I spent the large part of the last five years learning everything I could about SSL/TLS and PKI, and I knew that only a few can afford to do the same. I thought that if I put the most important parts of what I know into a book others might be able to achieve a similar level of understanding in a fraction of the time, and here we are.

This book has the word bulletproof in the title, but that doesn't mean that TLS is unbreakable. It does mean that if you follow the advice from this book you'll be able to get the most out of TLS and deploy it as securely as anyone else in the world. It's not always going to be easy, especially with web applications, but if you persist, you'll have better security than 99.99% of servers out there. In fact, even with little effort, you can actually have better security than 99% of the servers on the Internet.

Broadly speaking, there are two paths you can take to read this book. One is to take it easy and start from the beginning. If you have time, this is going to be the more enjoyable approach. But if you want answers quickly, jump straight to chapters 8 and 9. They're going to tell you everything you need to know about deploying secure servers while achieving good performance. After that, use chapters 1 through 7 as a reference and chapters 10 through 16 for practical advice as needed.

Scope and Audience

This book exists to document everything you need to know about SSL/TLS and PKI for practical, daily work. I aimed for just the right mix of theory, protocol detail, vulnerability and weakness information, and deployment advice to help you get your job done.

As I was writing the book, I imagined representatives of three diverse groups looking over my shoulder and asking me questions:

System administrators

Always pressed for time and forced to deal with an ever-increasing number of security issues on their systems, system administrators need reliable advice about TLS so that they can deal with its configuration quickly and efficiently. Turning to the Web for information on this subject is counterproductive, because there's so much incorrect and obsolete documentation out there.

Developers

Although SSL initially promised to provide security transparently for any TCP-based protocol, in reality developers play a significant part in ensuring that applications remain secure. This is particularly true for web applications, which evolved around SSL and TLS and incorporated features that can subvert them. In theory, you just enable encryption; in practice, you enable encryption but also pay attention to a dozen or so issues, ranging from small to big, that can break your security. In this book, I made a special effort to document every single one of those issues.

Managers

Last but not least, I wrote the book for managers who, even though not necessarily involved with the implementation, still have to understand what's going on and make decisions. The security space is getting increasingly complicated, so understanding the attacks and threats is often a job in itself. Often, there isn't any one way to deal with the situation, and the best way often depends on the context.

Overall, you will find very good coverage of HTTP and web applications here but little to no mention of other protocols. This is largely because HTTP is unique in the way it uses encryption, powered by browsers, which have become the most popular application-delivery platform we've ever had. With that power come many problems, which is why there is so much space dedicated to HTTP.

But don't let that deceive you; if you take away the HTTP chapters, the remaining content (about two-thirds of the book) provides generic advice that can be applied to any protocol that uses TLS. The OpenSSL, Java, and Microsoft chapters provide protocol-generic information for their respective platforms.

That said, if you're looking for configuration examples for products other than web servers you won't find them in this book. The main reason is that, unlike with web servers, for which the market is largely split among a few major platforms, there are a great many products of other types. It was quite a challenge to keep the web server advice up-to-date, being faced with nearly constant changes. I wouldn't be able to handle a larger scope. Therefore, my intent is to publish additional configuration examples online and hopefully provide the initial spark for a community to form to keep the advice up-to-date.

Contents

This book has 16 chapters, which can be grouped into several parts. The parts build on one another to provide a complete picture, starting with theory and ending with practical advice.

The first part, chapters 1 through 3, is the foundation of the book and discusses cryptography, SSL, TLS, and PKI:

  • Chapter 1 begins with an introduction to SSL and TLS and discusses where these secure protocols fit in the Internet infrastructure. The remainder of the chapter provides an introduction to cryptography and discusses the classic threat model of the active network attacker.

  • Chapter 2 discusses the details of the TLS protocol. I cover TLS 1.2, which is the most recent version. Information about earlier protocol revisions is provided where appropriate. An overview of the protocol evolution from SSL 3 onwards is included at the end for reference.

  • Chapter 3 is an introduction to Internet PKI, which is the predominant trust model used on the Internet today. The focus is on the standards and organizations as well as governance, ecosystem weaknesses and possible future improvements.

The second part, chapters 4 through 7, details the various problems with trust infrastructure, our security protocols, and their implementations in libraries and programs:

  • Chapter 4 deals with attacks on the trust ecosystem. It covers all the major CA compromises, detailing the weaknesses, attacks, and consequences. This chapter gives a thorough historical perspective on the security of the PKI ecosystem, which is important for understanding its evolution.

  • Chapter 5 is all about the relationship between HTTP and TLS, the problems arising from the organic growth of the Web, and the messy interactions between different pieces of the web ecosystem.

  • Chapter 6 deals with issues arising from design and programming mistakes related to random number generation, certificate validation, and other key TLS and PKI functionality. In addition, it discusses voluntary protocol downgrade and truncation attacks and also covers Heartbleed.

