Author/s : Ivan Ristić
Publisher : Feisty Duck
Category : Other
Review by : Vijitha Kumara
Rating : 9 horseshoes
While the book covers a lot of the theoretical aspects of SSL/TLS, it also dedicates a lot of space to the practical scenarios in which they are used. The book elaborates on the entire Internet PKI ecosystem, the problems with CAs and what "trust" really means.
It was very interesting to read how some of the major attacks were carried out by researchers and hackers to demonstrate weaknesses in PKI, in protocol implementations and in security in general. It also explains the enhancements made to rectify those weaknesses at various levels of the protocol and technology stacks.
It goes on to discuss the issues in HTTP and browser implementations and how major platforms have failed in different security validations, especially with regard to certificates.
The book gives some very good recommendations on how to deploy SSL/TLS reliably and also covers how to test for known recent vulnerabilities such as Heartbleed. It also discusses some of the key complementary technologies, such as CSP, HSTS and pinning, and how they enhance security.
The last few chapters focus on configuring some well-known and widely used technology stacks. It demonstrates how SSL/TLS is configured in Apache, Microsoft Windows (IIS), Nginx and Tomcat, and also describes the TLS capabilities of the Java platform.
The book mainly targets system administrators, developers and managers, but I feel it is a very good source of information for anyone interested in SSL/TLS and security in general.
---
Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.