Useful Articles and Posts on Website Security
- More about SSL (Technical version) - Learn more about the SSL/TLS protocol and implementing HTTPS with a technical overview.
- Best practices when implementing HTTPS - Google's tips for SEO best practices when switching to HTTPS from HTTP.
- HTTP Strict Transport Security - Learn about HSTS and how to enable it for HTTPS websites on various web servers.
- SSL/TLS Deployment Best Practices - SSL is easy to deploy, but not easy to deploy correctly to provide the necessary security.
- SSL Implementation Best Practice for Mobile App development - Best practices for using web server certificates with mobile apps.
- SSL Threat Model - Large image indicating potential threat areas in the SSL security ecosystem, consisting of SSL, TLS and PKI.
- About Public Key Pinning - Learn to configure your web server to validate itself using HTTP Public Key Pinning (HPKP) Pin Validation.
- Secure Your Web App With HTTP Headers - HTTP response headers can be used to tighten security of web apps with a few lines of code.
- Everything you need to know about HTTP Security Headers - Shows how to configure HTTP security headers on web servers.
- Security Guidance for E-commerce Websites - Updated PCI best practice guidelines [PDF] for securing e-commerce transactions.
SSL Certificates - setting up HTTPS made easy (PDF version - 800 KB)
A concise guide focussed on getting certificate generation and installation done as quickly & painlessly as possible. This book also explains the benefits of SSL Certificates including those not linked to website security. It also contains all the info and pointers you need to know before setting up HTTPS access.
Third-party SSL setup on popular Web Hosting
- GoDaddy - GoDaddy allows third-party SSL certificate installs on some of its products.
- BlueHost - BlueHost allows third-party SSL certificate installs on some of its products.
- HostGator - HostGator allows third-party SSL certificate installs on some of its products.
- ZenCommerce - Zencommerce allows third-party SSL certificate installs on the e-commerce stores hosted with them.
- AWS Certificate Manager - If you need to use non-EC2 AWS services, you need to use AWS Certificate Manager.
- Microsoft Azure - Microsoft Azure allows third-party SSL certificate installation.