An curated list of resources for web security.
##General Crypto
- The Basics of Web Application Security Excellent intro guide.
- How to Protect Your Infrastructure Against the Basic Attacker How to protect against unsophisticated adversaries.
##SSL/TLS
- Staying on top of TLS attacks: Ciphersuites, forward secrecy and RC4 vulnerabilities.
- SSL/TLS & Perfect Forward Secrecy: Good article on forward secrecy, Diffie-Helman and eliptic curve cryptography. Inlcudes lots of links to other good sources.
- Mozilla Security/Server Side TLS A guide to SSL/TLS deployment.
- Bad SSL Live examples of good, bad and misconfigured SSL
##SSH Secure Secure Shell: Tips on securing SSH with discussion on Hacker News here.
- HTTP Security Report: Analysis of a website based on HTTPS best practices
- Wireshark: Network protocol analyzer