Categories
Resources Software Development Web Development Web Security

SSL links, videos and other resources.

SSL is a very important subject. All websites/apps should be using it. However the docs will leave you scratching your head saying WTF? So I am creating this long list of resources for anyone else who ever has to learn how to use it.

Articles

First here is a link to the docs – this will cause confusion as nothing tells you how to use the pieces together.  So it is like looking into a box of legos and knowing it builds something but you don’t even have a picture as a hint. The best you can do is use the pieces to build something that doesn’t even resemble the original creation.

OpenSSL quick reference by digicert – a very brief introduction to SSL and how it works

SSL Certificate Security Glossary – list of terms and definitions

How to create a CSR with openssl – shows some of the syntax for the -config file option.

Docs explaining the config file found in the article above bout how to create a csr with openssl

SSL Basics: What is a Certificate Signing Request (CSR)? – Exactly WTF is a CSR

Openssl config file example – openssl docs are pure 100% utter shit. I had to dig and dig and google and dig for days to find this.


Videos

Categories
Resources Software Development Web Security

AWS autoscaling links and resources

AWS autoscaling lets you set up groups of EC2 instances which are controlled by a load balancer. The load balancer in turn makes sure your app has the correct number of EC2 instances running at all times. If your traffic is high it adds the maximum that you set. If traffic goes down it adjust to have the minimum EC2 instances that you set.

This system is great for startups who have no idea if their app will go viral or just flop. Often they just flop. But if you are lucky and it takes off you want to be able to handle the traffic so you don’t lose users.

Documentation link to AWS autoscaling

Running EC2 instances at Scale with autoscaling groups – small Ebook that walks through the whole process including using CodeDeploy.

Categories
Resources Web Security

Server and cloud security resources and links

CSP Cheat Sheet – CSP content security policy is for setting server security policies for accessing your systems content/files etc.

Configuring Play Framework Content Security Policy Headers

Categories
Resources Web Security

Web App security resources

Practical HTTP Host header attacks – Must read to understand how hackers use HTTP headers to hack websites.

Link to OWASP cheatsheet  – a good cheat sheet

Website security by MDN – covers some very basic information about website security such as SQL injection