
Protecting Against Web Application Threats using SSL

by Dan Sullivan

SYNOPSIS

Businesses face an increasingly complex set of threats to their Web applications - from malware and advanced persistent threats to disgruntled employees and unintentional data leaks. Although there is no single security measure that can prevent all threats, there are some that provide broad-based mitigation to a number of threats. The use of SSL encryption and digital certificate-based authentication is one of them. In this shortcut guide, readers will learn how changes in the way we deliver services, the increasing use of mobile devices, and the adoption of cloud computing, compounded by the ever-evolving means of stealing information and compromising services, leave Web applications vulnerable to attack. You will also learn how SSL encryption can protect server-to-server communications, client devices, cloud resources and other endpoints in order to help prevent the risk of data loss. Readers are provided with a step-by-step guide to assess their current state of vulnerability, determine where SSL encryption and digital certificate-based authentication are needed, plan for the rollout of SSL to Web applications, and establish policies and procedures to manage the full lifecycle of SSL certificates.


CHAPTER PREVIEWS

Chapter 1: Combined Risk of Data Loss and Loss of Customer Trust

Businesses face an increasingly complex set of threats to their Web applications—from malware and advanced persistent threats (APTs) to disgruntled employees and unintentional data leaks. Although there is no single security measure that can prevent all threats, there are some that provide broad-based mitigation to a number of threats. The use of SSL encryption and digital certificate-based authentication is one of them. Changes in the way we deliver services, the increasing use of mobile devices, and the adoption of cloud computing compounded by the ever-evolving means of stealing information and compromising services leave Web applications vulnerable to attack. SSL encryption can protect server-to-server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss. A later chapter provides a step-by-step guide to assessing your needs, determining where SSL encryption and digital certificate-based authentication may be helpful, planning for the rollout of SSL to Web applications, and establishing policies and procedures to manage the full life cycle of SSL certificates. In this chapter, we turn our attention to the combined risk of losing data and losing customer trust.


Chapter 2: How SSL Certificates Can Protect Online Business and Maintain Customer Trust

What underlies SSL certificates is a well-established method for securing communication and authenticating services. To better understand how SSL certificates can protect online business, it helps to know something about the inner workings of SSL. Working with SSL certificates is a bit like driving a car - you do not need to be an auto mechanic to drive a car, but it can help to know the basics of how your engine and transmission work.

This chapter is organized into three sections:

  • How SSL certificates work
  • Web applications with and without SSL certificate protection
  • Authentication and trust

The first section looks under the hood of an SSL certificate to describe its components and how they work to secure communications and support authentication. The second section continues the look-under-the-hood approach and considers how an application without SSL certificate protections operates differently than one using SSL certificates. In the third section, continuing our regimen of delving into the implementation details of SSL certificates, we look at how SSL certificates are created, the different types of SSL certificates, and the role of SSL certificate providers in establishing and maintaining a trust relationship between providers of SSL certificates, businesses that use them, and customers that expect the kinds of protections they provide.


Chapter 3: Planning, Deploying, and Maintaining SSL Certificates to Protect Against Information Loss and Build Customer Trust

SSL certificates can play an important role in securing Web applications, but as with any IT system, especially security mechanisms, it pays to plan how you will deploy and maintain that system. In the previous chapters, we have examined how data loss can undermine customer trust and how SSL certificates can be used to protect online business and maintain customer trust. Now that we have covered the conceptual elements of what SSL certificates do and how they work, it is time to discuss implementation details.

This chapter will assume you understand the basic components of an SSL certificate and how it works, and are interested in implementing SSL certificates to protect your Web applications. This chapter is divided into four main sections:

  • Planning for the use of SSL certificates
  • Deploying SSL certificates
  • Maintaining SSL certificates
  • Choosing the right type of SSL certificate for your needs