Bulletproof SSL and TLS Book
The most comprehensive book about deploying TLS in the real world!
- Nasko Oskov, Chrome Security developer and former SChannel developer
Ivan Ristic recently released the digital version of his excellent book Bulletproof SSL and TLS: Understanding and deploying SSL/TLS and Internet PKI to secure servers and web applications. In it, he offers clear and simple instructions that allow system administrators, developers, and others to understand and properly deploy SSL. Ristic is the creator of the extremely useful SSL Labs Server Test tool, which gives administrators a detailed look at the SSL and TLS vulnerabilities on their website.
It's surprising how clear and practical Ristic's writing is while he delves into detailed explanations of ciphers, protocols, and vulnerabilities. The industry finally has the perfect book for introducing people to the world of SSL. The book covers the following topics:
- Comprehensive coverage of the ever-changing field of SSL/TLS and Internet PKI, with updates to the digital version
- For IT security professionals, help to understand the risks
- For system administrators, help to deploy systems securely
- For developers, help to design and implement secure web applications
- Practical and concise, with added depth when details are relevant
- Introduction to cryptography and the latest TLS protocol version
- Discussion of weaknesses at every level, covering implementation issues, HTTP and browser problems, and protocol vulnerabilities
- Coverage of the latest attacks, such as BEAST, CRIME, BREACH, Lucky 13, RC4 biases, Triple Handshake Attack, and Heartbleed
- Thorough deployment advice, including advanced technologies, such as Strict Transport Security, Content Security Policy, and pinning
- Guide to using OpenSSL to generate keys and certificates and to create and run a private certification authority
- Guide to using OpenSSL to test servers for vulnerabilities
- Practical advice for secure server configuration using Apache httpd, IIS, Java, Nginx, Microsoft Windows, and Tomcat
About the Author
Ivan Ristic is a security researcher, engineer, and author, known especially for his contributions to the web application firewall field and development of ModSecurity, an open source web application firewall, and for his SSL/TLS and PKI research, tools and guides published on the SSL Labs web site.
He is the author of two books, Apache Security and ModSecurity Handbook, which he publishes via Feisty Duck, his own platform for continuous writing and publishing. Ivan is an active participant in the security community and you'll often find him speaking at security conferences such as Black Hat, RSA, OWASP AppSec, and others. He's currently Director of Application Security Research at Qualys.