Archive for the month: August 2014

Jonathan Carter – OWASP and Mobile Security

On the day before Black Hat 2014 kicked off, I was able to sit with Jonathan Carter to talk about his work and the projects he participates in at OWASP. The audio recording is a bit raw because the sound was cranked up in a conference hall full of people. What Jonathan has to say should more than compensate.

About Jonathan Carter

Jonathan Carter is an application security professional with over 15 years of security expertise within Canada, the United States, Australia, and England. As a Software Engineer, Jonathan produced software for online gaming systems, payment gateways, SMS messaging gateways, and other solutions requiring a high degree of application security. Jonathan’s technical background in artificial intelligence and static code analysis has led him to a diverse number of security roles: Enterprise Security Architect, Web Application Penetration Tester, Fortify Security Researcher, and Security Governance lead. He is currently Arxan’s Technical Director.

Bulletproof SSL and TLS has been released!

It gives me great pleasure to announce that my book, Bulletproof SSL and
TLS, has now been officially released. Writing it took me more than two
years (I started in May 2012, believe it or not), during which I spent the
equivalent of about 7 months of full-time work.

The end result is about 528 pages of text (in print; 513 in the version
optimised for screen reading) spread across 16 chapters. The book is a
complete package with an introduction to cryptography, SSL, TLS, and PKI,
followed by a complete coverage of the current problems with the
protocols as well as the entire ecosystem, and a ton of practical advice for
configuration and performance tuning. OpenSSL is well covered with two
chapters, and there’s a chapter for each of Apache, Java and Tomcat, Microsoft
and IIS, and Nginx.

During July I went through the entire book to update and refresh the
earlier chapters. I extended the OpenSSL chapter with a section on running
private certification authorities. The Apache and Nginx chapters were
extended to include client certificate authentication. Apache 2.4.10
introduced some changes to how it handles SNI and, naturally, I needed to
include that in the book, too. I added a Preface to the beginning and a
Summary to the end. Finally, I added the index, without which the print
edition wouldn’t be complete.

If you purchased the early access edition after we announced it in
February, now is a good time to go back to the Feisty Duck web site and
download the final files. (Final for now, that is.) If you purchased the
paper version, your book is currently being printed and will be shipped to
you soon.

For more information about Bulletproof SSL and TLS, please visit the Feisty
Duck web site:

https://www.feistyduck.com/books/bulletproof-ssl-and-tls/