کتاب Bulletproof TLS and PKI نوشتهٔ ایوان ریستیچ، یک راهنمای جامع برای استفاده از رمزنگاری TLS و زیرساخت کلید عمومی (PKI) در جهت ایمن‌سازی سرورها و برنامه‌های تحت وب است. این کتاب به‌طور خاص برای مدیران سیستم، توسعه‌دهندگان و متخصصان امنیت اطلاعات طراحی شده و به آن‌ها کمک می‌کند تا پیاده‌سازی‌های امن‌تری را در محیط‌های خود انجام دهند.

ایوان ریستیچ نویسندهٔ این کتاب، یک محقق امنیتی برجسته است که به‌خاطر تألیف این کتاب و ایجاد پروژهٔ SSL Labs شهرت دارد؛ پروژه‌ای که به بهبود امنیت میلیون‌ها وب‌سایت کمک کرده است. پیش از این، او ModSecurity را ایجاد کرد که به‌عنوان یک فایروال برنامهٔ وب اوپن سورس پیشرو شناخته می‌شود.

ویرایش گرامری این کتاب در May 2024 انجام شده است.

Bulletproof TLS and PKI is a complete guide to using TLS encryption and PKI to deploy secure servers and web applications. Written by Ivan Ristic, author of the popular SSL Labs web site, this book will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks.

In this book, you'll find just the right mix of theory, protocol detail, vulnerability and weakness information, and deployment advice to get your job done:

• Comprehensive coverage of the ever-changing field of SSL/TLS and Internet PKI, with updates to the digital version
• For IT professionals, help to understand security risks
• For system administrators, help to deploy systems securely
• For developers, help to secure web applications
• Practical and concise, with added depth as needed
• Introduction to cryptography and the Internet threat model
• Coverage of TLS 1.3 as well as earlier protocol versions
• Discussion of weaknesses at every level, covering implementation issues, HTTP and browser problems, and protocol vulnerabilities
• Coverage of the latest attacks, such as BEAST, CRIME, BREACH, Lucky 13, RC4 biases, Triple Handshake Attack, and Heartbleed
• Thorough deployment advice, including advanced technologies, such as Strict Transport Security, Content Security Policy, and pinning
• Guide to using OpenSSL to generate keys and certificates and to create and run a private certification authority
• Guide to using OpenSSL to test servers for vulnerabilities

This book is also available in a variety of digital formats directly from the publisher. Visit us at www.feistyduck.com.

Table of Contents

Chapter 1: SSL, TLS, and Cryptography

Chapter 2: TLS 1.3

Chapter 3: TLS 1.2

Chapter 4: Public Key Infrastructure

Chapter 5: Attacks against PKI

Chapter 6: HTTP and Browser Issues

Chapter 7: Implementation Issues

Chapter 8: Protocol Attacks

Chapter 9: Performance

Chapter 10: HSTS, CSP, and Pinning

Chapter 11: Configuration Guide

Chapter 12: OpenSSL Command Line

Chapter 13: Testing TLS with OpenSSL

Chapter 14: Summary

About the Author

Ivan Ristic writes computer security books and builds security products. His book Bulletproof TLS and PKI, the result of more than a decade of research and study, is widely recognised as the de-facto SSL/TLS and PKI reference manual. His work on SSL Labs made hundreds of thousands of web sites more secure. Before that, he created ModSecurity, a leading open source web application firewall.

More recently, Ivan founded Hardenize, a platform for continuous security monitoring that provides free assessments to everyone. He's a member of Let's Encrypt's technical advisory board.