5 Security layer 3: securing communications

This chapter covers

Understanding the concepts and vocabulary of Transport Layer Security
Establishing a secure connection between a web browser and a server
Obtaining certificates from AWS and Let’s Encrypt
Configuring HTTPS on the application’s public endpoint
Modernizing HTTPS using Mozilla’s guidelines

The application controls added in chapter 3 and infrastructure controls added in chapter 4 are all critical to guaranteeing that customer data is stored safely and protected against theft and integrity loss. We have, so far, focused our efforts on the hosting environment and ignored a large security hole: data transiting between the user and the service is left unprotected and can be stolen or modified ...

Get Securing DevOps now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Securing DevOps by Julien Vehent

5 Security layer 3: securing communications

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly