Reddit reviews Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications
We found 5 Reddit comments about Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications. Here are the top ones, ranked by their Reddit score.
There's this book:
https://www.amazon.de/Bulletproof-SSL-TLS-Ivan-Ristic/dp/1907117040?SubscriptionId=AKIAILSHYYTFIVPWUY6Q&tag=duc03-21&linkCode=xm2&camp=2025&creative=165953&creativeASIN=1907117040
Being in Security, Bulletproof SSL and TLS. Gave me the boost I needed.
https://www.amazon.com/Bulletproof-SSL-TLS-Understanding-Applications/dp/1907117040/
Unfortunately, I don't know of a great book on privileged access management in general. It's more of a high-level topic involving different vendor solutions with their own implementations rather than a specific protocol. For storing secrets in general, obviously encryption standards like AES play a big role - these solutions generally store the secrets on a locked down central server and either provide a portal to allow access to the remote endpoints without exposing the credential/keys to the users (one of the advantages of a credential/key repository is that you can then enable access to systems without the users knowing the logon - they have to go through an access portal, which lets you theoretically do more auditing and enforcing company policies on how that information is used) or they let you check out a credential/key that you have access to. But there's more involved than just that like identity stores, provisioning/deprovisioning workflows or access mgmt in general, auditing/entitlement events/ledgers, attestation reviews, session recording, password/key rotation, access governance and so on.
Instead of a book on Privileged Access Management / Identity and Access Management, I would recommend looking up whitepapers or youtube demos/webinars on some of the key players in the field. These include CyberArk, BeyondTrust, Centrify, NetIQ / MicroFocus (same company now), etc. That can give you a pretty good idea of how they do things and how those different solutions compare.
For a good book on SSL/TLS in general that I liked, since SSL is still very important and used in lots of things, I would recommend https://www.amazon.com/Bulletproof-SSL-TLS-Understanding-Applications/dp/1907117040
For a free and open source secret server (like for storing passwords or ssh keys), I would recommend CyberArk's Conjur: https://www.conjur.org/ - on github it's at: https://github.com/cyberark/conjur
Saw this in another thread:
https://www.amazon.de/Bulletproof-SSL-TLS-Ivan-Ristic/dp/1907117040?SubscriptionId=AKIAILSHYYTFIVPWUY6Q&tag=duc03-21&linkCode=xm2&camp=2025&creative=165953&creativeASIN=1907117040
Haven't read it myself, but people were raving about it