This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter s approach. Ever since Edward Snowden’s revelations in 2013 SSL encryption has become all the rage with application owners, and that, in turn, has lead to the rise of attacks hiding in SSL traffic. What s more, movements like Let’s Encrypt, the free, automated and open certificate authority (CA) provided by the Internet Security Research Group (ISRG), have inadvertently created a new set of vulnerabilities. Attackers are able to exploit Let’s Encrypt to generate their own seemingly legitimate SSL certificates to sign malicious code or to host malicious HTTPS sites.
You can read the full article here.