Bulletproof TLS and PKI, Second Edition: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications

Ristic, Ivan

  • Publisher: Feisty Duck
  • Publication date: 2022-01-10
  • Price: $2,990
  • VIP price: $2,841 (95% of list price)
  • Language: English
  • Pages: 512
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1907117091
  • ISBN-13: 9781907117091
  • Ships immediately (stock < 3)

Product description

Bulletproof TLS and PKI is a complete guide to using TLS encryption and PKI to deploy secure servers and web applications. Written by Ivan Ristic, author of the popular SSL Labs web site, this book will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks.

In this book, you'll find just the right mix of theory, protocol detail, vulnerability and weakness information, and deployment advice to get your job done:

  • Comprehensive coverage of the ever-changing field of SSL/TLS and Internet PKI, with updates to the digital version
  • For IT professionals, help to understand security risks
  • For system administrators, help to deploy systems securely
  • For developers, help to secure web applications
  • Practical and concise, with added depth as needed
  • Introduction to cryptography and the Internet threat model
  • Coverage of TLS 1.3 as well as earlier protocol versions
  • Discussion of weaknesses at every level, covering implementation issues, HTTP and browser problems, and protocol vulnerabilities
  • Coverage of the latest attacks, such as BEAST, CRIME, BREACH, Lucky 13, RC4 biases, Triple Handshake Attack, and Heartbleed
  • Thorough deployment advice, including advanced technologies, such as Strict Transport Security, Content Security Policy, and pinning
  • Guide to using OpenSSL to generate keys and certificates and to create and run a private certification authority
  • Guide to using OpenSSL to test servers for vulnerabilities

This book is also available in a variety of digital formats directly from the publisher. Visit us at www.feistyduck.com.
