Learn how to secure communication and storage using encryption, hashing, password managers, KMS, secret stores, TLS, HTTPS, and more.
By David Wong (Manning)
If you’re browsing the web, using public APIs, making and receiving electronic payments, registering and logging in users, or experimenting with blockchain, you’re relying on cryptography. And you’re probably trusting a collection of tools, frameworks, and protocols to keep your data, users, and business safe. It’s important to understand these tools so you can make the best decisions about how, where, and why to use them. Real-World Cryptography teaches you applied cryptographic techniques to understand and apply security at every level of your systems and applications.
By Jean-Philippe Aumasson (No Starch Press)
This practical guide to modern encryption breaks down the fundamental mathematical concepts at the heart of cryptography without shying away from meaty discussions of how they work. You’ll learn about authenticated encryption, secure randomness, hash functions, block ciphers, and public-key techniques such as RSA and elliptic curve cryptography.
By Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, and Adam Stubblefield (O'Reilly)
Can a system be considered truly reliable if it isn't fundamentally secure? Or can it be considered secure if it's unreliable? Security is crucial to the design and operation of scalable systems in production, as it plays an important part in product quality, performance, and availability. In this book, experts from Google share best practices to help your organization design scalable and reliable systems that are fundamentally secure. Two previous O’Reilly books from Google―Site Reliability Engineering and The Site Reliability Workbook―demonstrated how and why a commitment to the entire service lifecycle enables organizations to successfully build, deploy, monitor, and maintain software systems. In this latest guide, the authors offer insights into system design, implementation, and maintenance from practitioners who specialize in security and reliability. They also discuss how building and adopting their recommended best practices requires a culture that’s supportive of such change.
By Julien Vehent (Manning)
Securing DevOps explores how the techniques of DevOps and security should be applied together to make cloud services safer. This introductory book reviews the latest practices used in securing web applications and their infrastructure and teaches you techniques to integrate security directly into your product. You'll also learn the core concepts of DevOps, such as continuous integration, continuous delivery, and infrastructure as a service.
By Greg Wilson (Rethink Press)
A structured approach to integrating security capabilities into your engineering process is an essential requirement for producing secure software without compromising the integrity of the DevOps framework. DevSecOps provides a clear path to building systems and protocols that promote taking ownership of software security and support the DevOps philosophy.
By Liz Rice (O'Reilly)
To facilitate scalability and resilience, many organizations now run applications in cloud native environments using containers and orchestration. But how do you know if the deployment is secure? This practical book examines key underlying technologies to help developers, operators, and security professionals assess security risks and determine appropriate solutions. Author Liz Rice, Chief Open Source Officer at Isovalent, looks at how the building blocks commonly used in container-based systems are constructed in Linux. You'll understand what's happening when you deploy containers and learn how to assess potential security risks that could affect your deployments. If you run container applications with kubectl or docker and use Linux command-line tools such as ps and grep, you're ready to get started.
By Michael Howard and David LeBlanc (Microsoft Press)
Keep black-hat hackers at bay with the tips and techniques in this entertaining, eye-opening book! Developers will learn how to padlock their applications throughout the entire development process—from designing secure applications to writing robust code that can withstand repeated attacks to testing applications for security flaws. Easily digested chapters reveal proven principles, strategies, and coding techniques. The authors—two battle-scarred veterans who have solved some of the industry’s toughest security problems—provide sample code in several languages. This edition includes updated information about threat modeling, designing a security process, international issues, file-system issues, adding privacy to applications, and performing security code reviews.
By Ivan Ristić (Feisty Duck)
Bulletproof TLS and PKI is a complete guide to using TLS encryption and PKI to deploy secure servers and web applications. Written by Ivan Ristić, author of the popular SSL Labs website, this book will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks. In this book, you'll find just the right mix of theory, protocol detail, vulnerability and weakness information, and deployment advice to get your job done.
By Jim Gumbley (Blog post)
Threat modelling is a risk-based approach to cyber security requirements analysis.
By Bruce Schneier (Blog post)
Congratulations. You’ve just invented this great new cipher, and you want to do something with it. You’re new in the field; no one’s heard of you, and you don’t have any credentials as a cryptanalyst. You want to get well-known cryptographers to look at your work. What can you do?
By the OWASP Foundation (Cheat sheet)
The OWASP Top 10 is the reference standard for the most critical web application security risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing your software development culture into one focused on producing secure code.
By the OWASP Foundation (Cheat sheet)
This cheat sheet advises you on the proper methods for storing passwords for authentication. When passwords are stored, they must be protected from an attacker even if the application or database is compromised. Fortunately, a majority of modern languages and frameworks provide built-in functionality to help store passwords safely.
Package crypto collects common cryptographic constants.
The Java platform strongly emphasizes security, including language safety, cryptography, public key infrastructure, authentication, secure communication, and access control. The JCA is a major piece of the platform, and contains a 'provider' architecture and a set of APIs for digital signatures, message digests (hashes), certificates and certificate validation, encryption (symmetric/asymmetric block/stream ciphers), key generation and management, and secure random number generation, to name a few. These APIs allow developers to easily integrate security into their application code.
GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. GnuPG also provides support for S/MIME and Secure Shell (ssh).
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
Stripe powers online and in-person payment processing and financial solutions for businesses of all sizes. Accept payments, send payouts, and automate financial processes with a suite of APIs and no-code tools.
PayPal is the faster, safer way to send money and make an online payment or set up a merchant account.
Sell more. Sell anywhere. Streamline operations. Manage your staff. Get paid faster. Sign up for Square today.
Unlock hyper-growth with Chargebee's Software-as-a-Service. Streamline revenue operations & grow your business efficiently. Join the trajectory to success now.
Recurly is the best subscription management software and recurring billing platform on the market, compatible with leading ERP, CRM, payment gateways, fraud, and tax solutions.
Rapidly integrate authentication and authorization for web, mobile, and legacy applications so you can focus on your core business.
The Okta and Auth0 Platforms enable secure access, authentication, and automation—putting Identity at the heart of business security and growth.
Implement a secure, scalable, and customized sign-up and sign-in experience in minutes.
Firebase Authentication lets you add an end-to-end identity solution to your app for easy user authentication, sign-in, and onboarding in just a few lines of code.
Authentication that you can afford, built into your Supabase project.
APIs and SDKs to integrate authentication and security into your app.
Open Source User Authentication. Build fast, maintain control, with reasonable pricing.
More than a password manager and leader in Extended Access Management. Discover why 1Password is the exclusive Cybersecurity Partner of Oracle Red Bull Racing.
Bitwarden is the most trusted password manager for passwords and passkeys at home or at work, on any browser or device. Start with a free trial.
NordPass password manager remembers complex passwords, auto-fills logins and online forms and lets you access it all from anywhere. Even when you’re offline.
Dashlane Password Manager safeguards businesses & people with easy-to-use, powerful features. Protect & manage passwords and passkeys in one secure solution.
With Enpass, choose where your passwords and passkeys are secured and synced – on your personal or business clouds (or even offline). Not on our servers.
Let KeePassXC safely store your passwords and auto-fill them into your favorite apps, so you can forget all about them. We do the heavy lifting in a no-nonsense, ad-free, tracker-free, and cloud-free manner. Free and open source.
Use Passwords on your Mac to find all your passwords in one place, across all your devices.
Credential Manager lets you view and delete your saved credentials for signing in to websites, connected applications, and networks.
Safely save and organize your passwords, anywhere you use your Google Account.
Firefox's password management feature securely stores your usernames and passwords. Learn how to save, view, manage and protect your logins.
Tired of forgetting passwords? We've got you covered! All passwords consist of real words, chosen at random.
diceware is a passphrase generator following the proposals of Arnold G. Reinhold on http://diceware.com. It generates passphrases by concatenating words randomly picked from wordlists.
A hardware security module is a dedicated crypto processor that is specifically designed for the protection of the crypto key lifecycle.
Hardware-based crypto security for a wide range of business applications.
Entrust's hardware security modules provide unmatched protection for your cryptographic keys and secure the most critical aspects of your infrastructure.
The world’s smallest HSM secures modern infrastructures and is ultra portable at an affordable price while securing a wide range of use cases.
Create and control keys used to encrypt or digitally sign your data.
Safeguard cryptographic keys and other secrets used by cloud apps and services.
Encryption key management enables data protection for security and privacy. Key management systems and services are critical for data security.
Akeyless Vault platform offers key management services to secure IT and DevOps resources, credentials, and access across hybrid cloud and legacy environments.
Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets critical in modern computing.
OpenBao is an open source, community-driven fork of HashiCorp Vault managed by the Linux Foundation to manage, store, and distribute sensitive data.
Doppler redefines how engineering teams handle secrets management. Experience enhanced security, agility, and automation with our cloud platform. Start your free trial.
All-in-one platform to securely manage application configuration and secrets across your team and infrastructure. Used by Fortune 500 enterprises, international governments, and fastest-growing startups. Save time and boost security.
A file-based secret management and distribution system.
Learn how Parameter Store, a tool in AWS Systems Manager, provides secure, hierarchical storage for configuration data management and secrets management.
Securely store API keys, passwords, certificates, and other sensitive data with Google Cloud’s Secret Manager.
A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image. Using a Secret means that you don't need to include confidential data in your application code. Because Secrets can be created independently of the Pods that use them, there is less risk of the Secret (and its data) being exposed during the workflow of creating, viewing, and editing Pods.
Turn on FileVault to add an extra layer of security to the encrypted data on your Mac.
BitLocker is a Windows security feature that provides encryption for entire volumes, addressing the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned devices.
Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet-connected things.
Let's Encrypt is a free, automated, and open Certificate Authority brought to you by the nonprofit Internet Security Research Group (ISRG).
Certbot is a free, open source software tool for automatically using Let’s Encrypt certificates on manually administered websites to enable HTTPS.
Free SSL certificates issued instantly online, supporting ACME clients, SSL monitoring, quick validation and automated SSL renewal via ZeroSSL Bot or REST API.
Cloudflare offers free SSL/TLS certificates to secure your web traffic. Improve performance and save time on TLS certificate management with Cloudflare.
Provision and manage SSL/TLS certificates with AWS services and connected resources.
Learn how to create and use Google-managed SSL certificates with Google Cloud load balancers.
Compare & Buy TLS/SSL Certificates. Find which TLS/SSL Certificate type is right for you with an easy, side-by-side comparison.
Your all-in-one solution to grow online. Start a free trial to create a beautiful website, get a domain name, fast hosting, online marketing and award-winning 24/7 support.
Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets critical in modern computing.
OpenBao is an open source, community-driven fork of HashiCorp Vault managed by the Linux Foundation to manage, store, and distribute sensitive data.
step-ca is an online Certificate Authority (CA) for secure, automated X.509 and SSH certificate management. It's the server counterpart to step CLI. It is secured with TLS, and it offers several configurable certificate provisioners, flexible certificate templating, and pluggable database backends to suit a wide variety of contexts and workflows. It employs sane default algorithms and attributes, so you don't have to be a security engineer to use it securely.
CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates.
Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go.
Tools to bootstrap CAs, certificate requests, and signed certificates (square/certstrap).
EJBCA covers certificate issuing, management, and certificate validation. The Open Source CA can easily be scaled to match the needs of your PKI.
The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more. The Dogtag Certificate System can be downloaded for free and set up in less than an hour.
OpenXPKI is an enterprise-grade PKI/Trustcenter software for customizable and scalable management of X.509v3 certificates, known for its flexibility, web-based management interface, workflow support, and active Open Source community.
Protect every device and workload with the most trusted PKI and machine identity management platform.
A highly secure PKI that’s quick to deploy, scales on-demand, and runs where you do business.
Kickstart your digital transformation with Venafi Zero Touch PKI! This PKI solution is simple, seamless, secure, and customizable.
AppViewX is a certificate lifecycle management automation solution for certificates and keys, offered as PKI-as-a-Service.
Use AWS Private Certificate Authority (AWS Private CA) to securely issue and manage private certificates for your connected resources in one place.
Simplify the deployment, management, and security of private certificate authorities (CAs) without managing infrastructure.