Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications (Paperback)

Bulletproof SSL and TLS is a complete guide to using SSL and TLS encryption to deploy secure servers and web applications. Written by Ivan Ristic, the author of the popular SSL Labs web site, this book will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks.

In this book, you'll find just the right mix of theory, protocol detail, vulnerability and weakness information, and deployment advice to get your job done:

• Comprehensive coverage of the ever-changing field of SSL/TLS and Internet PKI, with updates to the digital version
• For IT security professionals, help to understand the risks
• For system administrators, help to deploy systems securely
• For developers, help to design and implement secure web applications
• Practical and concise, with added depth when details are relevant
• Introduction to cryptography and the latest TLS protocol version
• Discussion of weaknesses at every level, covering implementation issues, HTTP and browser problems, and protocol vulnerabilities
• Coverage of the latest attacks, such as BEAST, CRIME, BREACH, Lucky 13, RC4 biases, Triple Handshake Attack, and Heartbleed
• Thorough deployment advice, including advanced technologies, such as Strict Transport Security, Content Security Policy, and pinning
• Guide to using OpenSSL to generate keys and certificates and to create and run a private certification authority
• Guide to using OpenSSL to test servers for vulnerabilities
• Practical advice for secure server configuration using Apache httpd, IIS, Java, Nginx, Microsoft Windows, and Tomcat

This book is available in paperback and a variety of digital formats without DRM. Digital version of Bulletproof SSL and TLS can be obtained directly from the author, at feistyduck.com.

《強固的SSL和TLS》是一本完整指南，教導如何使用SSL和TLS加密來部署安全的伺服器和網路應用程式。本書由知名SSL Labs網站的作者Ivan Ristic所撰寫，將教導讀者保護系統免受竊聽和冒充攻擊的一切所需知識。

本書提供了理論、協議細節、漏洞和弱點資訊以及部署建議的適當結合，幫助讀者完成工作：

- 全面涵蓋SSL/TLS和網際網路PKI這個不斷變化的領域，並提供數位版本的更新
- 對於IT安全專業人員，幫助了解風險
- 對於系統管理員，幫助安全部署系統
- 對於開發人員，幫助設計和實施安全的網路應用程式
- 實用而簡潔，並在相關時提供更深入的內容
- 介紹密碼學和最新的TLS協議版本
- 討論各個層面的弱點，包括實施問題、HTTP和瀏覽器問題以及協議漏洞
- 詳細介紹最新的攻擊，如BEAST、CRIME、BREACH、Lucky 13、RC4偏差、三次握手攻擊和Heartbleed
- 提供全面的部署建議，包括Strict Transport Security、Content Security Policy和pinning等先進技術
- 指導使用OpenSSL生成金鑰和憑證，以及建立和運行私有認證機構
- 指導使用OpenSSL測試伺服器的漏洞
- 提供Apache httpd、IIS、Java、Nginx、Microsoft Windows和Tomcat等安全伺服器配置的實用建議

本書以平裝書和多種無DRM的數位格式提供。《強固的SSL和TLS》的數位版本可以直接從作者的網站feistyduck.com獲得。