Description
Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications. The OpenSSL library is seeing widespread adoption for web sites that require cryptographic functions to protect a broad range of sensitive information, such as credit card numbers and other financial transactions. The library is the only free, full-featured SSL implementation for C and C++, and it can be used programmatically or from the command line to secure most TCP-based network protocols. Network Security with OpenSSL enables developers to use this protocol much more effectively. Traditionally, getting something simple done in OpenSSL could easily take weeks. This concise book gives you the guidance you need to avoid pitfalls, while allowing you to take advantage of the library?s advanced features. And, instead of bogging you down in the technical details of how SSL works under the hood, this book provides only the information that is necessary to use OpenSSL safely and effectively. In step-by-step fashion, the book details the challenges in securing network communications, and shows you how to use OpenSSL tools to best meet those challenges. As a system or network administrator, you will benefit from the thorough treatment of the OpenSSL command-line interface, as well as from step-by-step directions for obtaining certificates and setting up your own certification authority. As a developer, you will further benefit from the in-depth discussions and examples of how to use OpenSSL in your own programs. Although OpenSSL is written in C, information on how to use OpenSSL with Perl, Python and PHP is also included. OpenSSL may well answer your need to protect sensitive data. If that?s the case, Network Security with OpenSSL is the only guide available on the subject.
About the Author
John Viega, well known in the field of software security, has authored and co-authored several books and over 50 articles - including 15 academic research papers - primarily on this topic. He is a contributor to George Reese's forthcoming O'Reilly book, Java Enterprise Architecture and co-authored a lengthy appendix to the Wiley book Securing Java (McGraw and Felten). Matt Messier has been writing free software for 11 years. In the early '90s, he wrote prominent software for BBSs, including ProChat, an external door program for PCBoard systems running multiple nodes in a network environment (LANtastic or Novell). The past five years, he contracted to Lotus as a software engineer working on Lotus 1-2-3, Freelance Graphics. Matt has integrated OpenSSL with the LPC programming language, and used it to add SSL support to several real-world applications, including a telnet implementation. Pravir Chandra, programming since he was 14, became interested in security at Case Western University, where he gained work-related experience in secure network design, computer forensics, secure software design and programming language-level security. He became an expert on language-level security. Pavil's extensive work on open-source projects include an entropy collection system and cryptographic random number generation implementation for the Linux kernel, and RATS (Rough Auditing Tool for Security), a program that drastically reduces the man hours required to perform source audits.
Reviews
"If you have struggled with OpenSSL and the supplied documentation then you will regret the amount of time that you have wasted before finding this book. If you are planning to use OpenSSL then you need to buy a copy - it's essential reading. What is more surprising is that even if you don't plan to use OpenSSL, then downloading it and trying out the examples in the book could be the education in practical cryptography you really need. What more can I say of any book, other than that I certainly won't be lending it to anyone else? It's going to remain firmly chained to my bookshelf for the foreseeable future - and no, you can't borrow it." - Mike James, VSJ, October 2003
Book Information
ISBN 9780596002701
Author John Viega
Format Paperback
Page Count 386
Imprint O'Reilly Media
Publisher O'Reilly Media
About the Author
John Viega, well known in the field of software security, has authored and co-authored several books and over 50 articles - including 15 academic research papers - primarily on this topic. He is a contributor to George Reese's forthcoming O'Reilly book, Java Enterprise Architecture and co-authored a lengthy appendix to the Wiley book Securing Java (McGraw and Felten). Matt Messier has been writing free software for 11 years. In the early '90s, he wrote prominent software for BBSs, including ProChat, an external door program for PCBoard systems running multiple nodes in a network environment (LANtastic or Novell). The past five years, he contracted to Lotus as a software engineer working on Lotus 1-2-3, Freelance Graphics. Matt has integrated OpenSSL with the LPC programming language, and used it to add SSL support to several real-world applications, including a telnet implementation. Pravir Chandra, programming since he was 14, became interested in security at Case Western University, where he gained work-related experience in secure network design, computer forensics, secure software design and programming language-level security. He became an expert on language-level security. Pavil's extensive work on open-source projects include an entropy collection system and cryptographic random number generation implementation for the Linux kernel, and RATS (Rough Auditing Tool for Security), a program that drastically reduces the man hours required to perform source audits.
Reviews
"If you have struggled with OpenSSL and the supplied documentation then you will regret the amount of time that you have wasted before finding this book. If you are planning to use OpenSSL then you need to buy a copy - it's essential reading. What is more surprising is that even if you don't plan to use OpenSSL, then downloading it and trying out the examples in the book could be the education in practical cryptography you really need. What more can I say of any book, other than that I certainly won't be lending it to anyone else? It's going to remain firmly chained to my bookshelf for the foreseeable future - and no, you can't borrow it." - Mike James, VSJ, October 2003
Book Information
ISBN 9780596002701
Author John Viega
Format Paperback
Page Count 386
Imprint O'Reilly Media
Publisher O'Reilly Media
