
rtopitt : ssl   30

CheatSheetSeries/ at master · OWASP/CheatSheetSeries
The Pinning Cheat Sheet is a technical guide to implementing certificate and public key pinning as discussed at the Virginia chapter's presentation Securing Wireless Channels in the Mobile Space. This guide is focused on providing clear, simple, actionable guidance for securing the channel in a hostile environment where actors could be malicious and the conference of trust a liability.
how-to  reference  mobile  ios  android  ssl  certificado  security  criptografia 
april 2019 by rtopitt
kingkool68/generate-ssl-certs-for-local-development: A bash script for generating trusted self-signed SSL certs for local development on your Mac
Generate Self-Signed SSL Certificates for Local Development On A Mac

Have you ever needed to develop HTTPS sites locally? To make it work you need to generate an SSL certificate of your own and tell your computer to trust it so you don't get weird "Your connection is not private" errors in your browser.

Generating the certs is a complicated hassle. So I made a bash script to do it all for you.
github  ssl  development  bash  ferramenta  certificado  local  mac_os_x 
november 2018 by rtopitt
Strong Ciphers for Apache, nginx and Lighttpd
The above ciphers are Copy Pastable in your nginx, Lighttpd or Apache config. These provide Strong SSL Security for all modern browsers, plus you get an A+ on the SSL Labs Test. In short, they set a strong Forward Secrecy enabled ciphersuite, they disable SSLv2 and SSLv3, add HTTP Strict Transport Security and X-Frame-Deny headers and enable OCSP Stapling (except on Lighttpd, it does not support that yet).
apache  nginx  ssl  sysadmin  security  ciphers  how-to  dica  boa_prática  configuration  webserver 
february 2017 by rtopitt
Let's Encrypt
Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open. When Let’s Encrypt launches in Summer 2015, enabling HTTPS for your site will be as easy as installing a small piece of certificate management software on the server.
ssl  security  free  ca  certificado  mozilla  software_livre  internet 
november 2014 by rtopitt
mitmproxy - home
mitmproxy: a man-in-the-middle proxy. Intercept, modify, replay and save HTTP/S traffic. An interactive console program that allows traffic flows to be inspected and edited on the fly.
http  proxy  ssl  security  https  mitm  network 
september 2014 by rtopitt
pandurang_w: Client side SSL Certificate Authentication with Rails and Nginx
Recently I worked on one application which required SSL client certificate based authentication. So just wanted to share it with you all about how it can be integrated in Rails application. This article is about using SSL certificates installed into a web browser to authenticate against a Ruby on Rails application with Nginx.
ruby  rails  nginx  openssl  ssl  certificado  security  how-to  tip  webapp  ca 
june 2014 by rtopitt
Qualys SSL Labs - Projects / SSL Server Test
This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet. Please note that the information you submit here is used only to provide you the service. We don't use the domain names or the test results, and we never will.
cryptography  security  ssl  tls  test  server  http  https  certificate 
august 2013 by rtopitt
SSL Cipher Suites Supported By Your Browser
This website gives you information on the SSL cipher suites your browser supports for securing HTTPS connections.
browser  ssl  tls  test  security  http  https  cipher  cryptography 
august 2013 by rtopitt
Getting a free certificate - duraconf/startssl/README.markdown at master · ioerror/duraconf
This page guides you through the process of obtaining an HTTPS certificate for your site. This is a real certificate, not a self-signed certificate, and works in all major browsers. The CA which we'll use is StartSSL. They provide basic certificates for free, although will charge for other types, such as wildcard certificates.
certificado  ssl  https  grátis  how-to  internet  security  server  tip 
november 2012 by rtopitt
SSL with Rails // Collective Idea
So you saw Firesheep and are worried about security in your app? That’s good, you should be. SSL is easy to do and there’s no reason not to these days. Also, the tools are much better than before, so let’s get started.
ssl  https  rails  how-to  rack  3.1  importante  security  tip 
april 2012 by rtopitt
Sidejack Prevention - GitHub
GitHub was susceptible to this attack, but we have now taken measures to protect you and your data. The basic approach revolves around setting a second cookie (in addition to the normal session cookie) that is marked as secure. Cookies marked secure, are sent only over SSL requests and are omitted on non-SSL requests.
cookie  sessão  hijack  hack  geek  webapp  http  importante  inspiração  ssl  security 
october 2010 by rtopitt
Firesheep - Eric Butler - Software Developer in Seattle WA
HTTP session hijacking is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy. Today at Toorcon 12 I announced the release of Firesheep, a Firefox extension designed to demonstrate just how serious this problem is.
cookie  firefox  https  http  webapp  hack  extensão  ssl  xsrf  sessão  importante  security 
october 2010 by rtopitt
Apache SSL Guides - Configure SSL for Secure Websites Using Apache 2 on Ubuntu 10.04 LTS (Lucid) - Linode Library
This guide will assist you with enabling SSL for websites served under the Apache web server. It is assumed that you've completed the steps detailed in our getting started guide, and that you've successfully set up Apache for serving virtual hosts as outlined in our Apache 2 on Ubuntu 10.04 LTS (Lucid) guide. These steps should be performed via an SSH session to your Linode as the root user.
apache  ubuntu  lucid  10.04  ssl  https  how-to  instalação  linode  server  configuration 
august 2010 by rtopitt
SSL checklist for Rails Applications | Vinsol
This post intentionally focuses only on the Rails application as there are numerous posts on the net for SSL setup on the server. Enabling SSL in a Rails application is really trivial and there are just a few points that need your attention...
checklist  rails  ssl  plugin  importante  top10  security  tip 
april 2010 by rtopitt
[Rails] Using ssl/tls with ActionMailer (gmail) - drawohara
Using ActionMailer with tls/ssl (for example with gmail) can be this easy
action_mailer  email  gmail  google  rails  ruby  smtp  ssl  tls  tip 
may 2009 by rtopitt
Connecting to MySQL using SSL encryption in Ruby on Rails | Midnight Oil
It turns out that enabling SSL in MySQL is not too hard, but there are a lot of steps to follow. Further, the Rails docs on using database.yml to set up the connection aren’t that great (big surprise there). So, to help out those who are in the same boat
active_record  how-to  mysql  rails  ssl 
may 2009 by rtopitt
Revision 75: /plugins/action_mailer_tls
Plugin for sending email via Google's SMTP (hot patch on Net::SMTP to accept SSL TLS)
email  gmail  google  patch  plugin  rails  ruby  smtp  ssl  tls 
may 2009 by rtopitt
BlogFish: Mongrel and Rails behind Apache 2.2 and SSL
How to make Rails running on a cluster of Mongrels behind Apache via mod_proxy_balancer detect when it is being accessed via HTTPS (with SSL) and keep that protocol in redirects, without breaking the development environment.
apache  how-to  https  mongrel  rails  ssl  webapp  security  server  configuration  tip 
may 2009 by rtopitt
How To: Bulletproof Server Backups with Amazon S3 -
Tutorial on using automated backups via shell to Amazon S3
amazon  backup  how-to  ruby  s3  shell  ssl  webservice  server 
may 2009 by rtopitt
