Web Security For Dummies [sponsored by Symantec] (PDF version - 3.4 MB)
A guide to understanding the risks posed by unprotected websites, the value of using SSL certificates, and details of different types of SSL certificates. You only need basic IT knowledge such as knowing what a server is, and familiarity with e-commerce & online transactions, to understand the topics covered.
SSL Certificates - setting up HTTPS made easy (PDF version - 800 KB)
A concise guide focussed on getting certificate generation and installation done as quickly & painlessly as possible. This book also explains the benefits of SSL Certificates including those not linked to website security. It also contains all the info and pointers you need to know before setting up HTTPS access.
Useful Articles and Posts on Website Security
- More about SSL (Technical version) - Learn more about the SSL/TLS protocol and implementing HTTPS with a technical overview.
- Best practices when implementing HTTPS - Google's tips for SEO best practices when switching to HTTPS from HTTP.
- HTTP Strict Transport Security - Learn about HSTS and how to enable it for HTTPS websites on various web servers.
- SSL/TLS Deployment Best Practices - SSL is easy to deploy, but it is not easy to deploy correctly to provide the necessary security.
- SSL Threat Model - Large image indicating potential threat areas in the SSL security ecosystem, consisting of SSL, TLS and PKI.
- About Public Key Pinning - Learn to configure your web server to validate itself using HTTP Public Key Pinning (HPKP) Pin Validation.
- Secure Your Web App With HTTP Headers - HTTP response headers can be used to tighten security of web apps with a few lines of code.
- Everything you need to know about HTTP Security Headers - Shows how to configure HTTP security Headers on web servers.
- Security Guidance for E-commerce Websites - Updated PCI best practice guidelines [PDF] for securing e-commerce transactions.