Table of Contents
SSL/TLS Performance
Return to SSL/TLS, Network Performance, Network Speed, Network Latency, Network Throughput, Encryption, Cryptography
TLS has exactly one performance problem: it is not used widely enough.
Everything else can be optimized.
Data delivered over an unencrypted channel is insecure, untrustworthy, and trivially intercepted. We owe it to our users to protect the security, privacy, and integrity of their data — all data must be encrypted while in flight and at rest. Historically, concerns over performance have been the common excuse to avoid these obligations, but today that is a false dichotomy. Let's dispel some myths.
CPU & latency costs
The process of establishing and communicating over an encrypted channel introduces additional computational costs. First, there is the asymmetric (public key) encryption used during the TLS handshake. Then, once a shared secret is established, symmetric encryption takes over.
- upgrade to latest
$> openssl version OpenSSL 1.1.1a 20 Nov 2018
- run benchmarks
$> openssl speed sha $> openssl speed ecdh Good news is, modern hardware has made great improvements to help minimize these costs, and what once may have required additional hardware can now be done efficiently by the CPU.
On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10 KB of memory per connection and less than 2% of network overhead. Many people believe that SSL/TLS takes a lot of CPU time and we hope the preceding numbers will help to dispel that. - Adam Langley, Google “Overclocking SSL” We have deployed TLS at a large scale using both hardware and software load balancers. We have found that modern software-based TLS implementations running on commodity CPUs are fast enough to handle heavy HTTPS traffic load without needing to resort to dedicated cryptographic hardware. - Doug Beaver, Facebook “HTTP2 Expression of Interest” Elliptic Curve Diffie-Hellman (ECDHE) is only a little more expensive than RSA for an equivalent security level… In practical deployment, we found that enabling and prioritizing ECDHE cipher suites actually caused negligible increase in CPU usage. HTTP keepalives and session resumption mean that most requests do not require a full handshake, so handshake operations do not dominate our CPU usage. We find 75% of Twitter’s client requests are sent over connections established using ECDHE. The remaining 25% consists mostly of older clients that don’t yet support the ECDHE cipher suites. - Jacob Hoffman-Andrews, Twitter “Forward Secrecy at Twitter” Before the client and the server can begin exchanging application data over TLS, the encrypted tunnel must be negotiated, which introduces additional roundtrips for each new connection. However, we don't have to incur the cost of a full handshake in every case: TLS resumption and TLS False Start decrease the cost to a single roundtrip for new and returning clients.
A well tuned TLS deployment can make an enormous positive difference in the user experience, as well as in your operational costs. Some of the most critical features and concepts:
TLS handshake TLS session resumption TLS False Start TLS record size optimization Early termination HTTP Strict Transport Security (HSTS) To deliver the best performance, run down the TLS performance checklist and use a tool like Qualys SSL Server Test to scan your server for common configuration and security flaws.
High Performance Browser Networking
What every developer should know about networking and web performance.
Read HPBN online Server performance TLS exposes many different knobs and new config flags on every server. Our goal here is not to provide an exhaustive list (consult server docs for that), but to highlight status of important performance-oriented features: resumption, stapling, false start (requires ALPN and forward secrecy), and support for the HTTP/2 protocol.
Session identifiers Session tickets OCSP stapling Dynamic record sizing ALPN Forward secrecy HTTP/2 TLS 1.3 TLS 1.3 0-RTTApache yes yes yes yes yes yes yes yes no ATS yes yes yes dynamic yes yes yes yes no Caddy yes yes yes yes yes yes yes yes no F5 BIG-IP yes yes yes yes yes yes yes yes no H2O yes yes yes dynamic yes yes yes yes yes HAProxy yes yes yes dynamic yes yes yes yes yes Hitch yes yes yes no yes yes yes yes no IIS yes yes yes no yes yes yes yes no Citrix ADC yes yes yes no yes yes yes yes no lighttpd no yes yes no yes yes yes yes no NGINX yes yes yes static (16k) yes yes yes yes yes node.js yes yes optional optional yes yes yes yes no Go yes yes optional yes yes yes yes yes no nghttpx yes yes yes dynamic yes yes yes yes yes Pulse Secure vTM yes yes yes no yes yes yes yes no ShimmerCat yes no no yes yes yes yes no no Your favorite server missing, or found an error? Open a pull request!
CDN & PaaS performance Using a CDN allows us to terminate the connection close to the user, which can significantly reduce the cost of TCP and TLS handshake - see early termination. For best results you should be using a CDN to serve both static and dynamic content.
Session identifiers Session tickets OCSP stapling Dynamic record sizing ALPN Forward secrecy HTTP/2 TLS 1.3 TLS 1.3 0-RTTAkamai yes yes yes configurable (static) yes yes yes yes no AWS ELB (Classic) yes yes no no no yes no no no AWS ELB (Application) yes yes no no yes yes yes no no AWS CloudFront no yes yes no yes yes yes yes no BelugaCDN yes yes yes dynamic yes yes yes no no CDN77 yes yes yes dynamic yes yes yes yes yes Cloudflare yes yes yes dynamic yes yes yes yes yes ChinaNetCenter yes yes no no no yes no no no EdgeCast no yes yes no yes yes yes yes no Fastly yes yes yes dynamic yes yes yes yes client→Fastly only Google App Engine yes yes no dynamic yes yes yes no no Heroku yes yes no no no yes no yes no Imperva Incapsula yes yes yes dynamic yes yes yes no no Instart yes yes yes configurable (static) yes yes yes yes yes KeyCDN yes yes yes configurable (static) yes yes yes yes yes Limelight yes yes configurable no yes yes yes yes no StackPath yes yes yes no yes yes yes yes no Netlify yes yes no dynamic yes yes yes yes no QUANTIL yes yes no no no yes no no no Vercel Edge Network yes yes yes no yes yes yes yes no Your favorite CDN or PaaS provider missing, or found an error? Open a pull request!
FAQ What about benchmarks? Quality of implementation matters — no argument there — and you should do your due diligence. That said, you need to test on your own hardware and with realistic traffic patterns to get an accurate picture of what works best for your specific workload. Don't trust outdated benchmarks, update your OpenSSL libraries, update your server, and run the tests.
TLS operational costs are still higher, right? Not necessarily. Once you enable and optimize your TLS stack you're also well on your way to deploying HTTP/2. Unlike HTTP/1.1, HTTP/2 requires only a single connection per origin, which means fewer sockets, memory buffers, TLS handshakes, and so on. As a result, it may well be the case that you will be able to handle more users with fewer resources.
TLS still adds an extra RTT; can we fix that? One possible route is to leverage TCP Fast Open, which would allow us to send the ClientHello within the TCP SYN packet — that would cut another RTT. In the meantime, both TLS 1.3 and QUIC are experimenting with “zero-RTT” handshake mechanisms. See QUIC crypto doc and this GDL episode for a general introduction to QUIC.
Which ciphersuite should I be using? Mozilla maintains a wiki page with a recommended ciphersuite list and server configuration tips.
If TLS False Start is enabled, do I need resumption? Both resumption and TLS False Start eliminate an extra roundtrip from the TLS handshake. However, resumption also allows you to skip the asymmetric handshake crypto by reusing parameters from a previous session — this saves CPU cycles. In other words, yes you need both.
I run a multi-server deployment. Any tips? Ensure you have a shared session cache to get a good cache hit rate on resumed sessions across different servers. Also, ensure you expire and rotate your sessions and session ticket keys in a secure manner, especially when forward secrecy is enabled.
What about certificate costs? You can get free certificates for any use from Let’s Encrypt. If you need EV verification, then you will have to pay a bit extra. Use your favorite search engine to look for and evaluate the available options. The security and integrity of your visitors' data is worth every penny!
What about Elliptic Curve Cryptography (ECC) certificates? ECC certificates offer stronger security and smaller certificates - e.g. a 256-bit ECC key is equivalent to a 3072-bit RSA key. ECDSA certificates are recommended for modern TLS clients, such as web browsers, but if you need to support legacy clients (e.g., OS/software from 2008 or earlier often found in enterprise environments) that lack ECDSA support, you can provide RSA as a fallback via a hybrid certificate. Consult the documentation of your server to see if RSA+ECDSA is a supported option.
What about CRIME and BREACH attacks? CRIME is an attack against compression at the TLS layer. All modern user agents disable TLS compression, but it is still recommended that you disable TLS compression on your server. BREACH, on the other hand, is an attack against compression on top of TLS (e.g. HTTP compression) and must be mitigated both at the server and application levels - read more.
How do I migrate my existing site to HTTPS? Checkout the HTTPS Everywhere presentation (slides) from Google I/O to learn the best practices and the steps to safely migrate your existing content to HTTPS.
Why do we need HTTPS everywhere? Every unencrypted HTTP request reveals information about user’s behavior. Today, there is no such thing as insensitive web traffic - read more.
Where can I learn more about TLS performance? Is TLS Fast Yet? video from Velocity SC 2014 (slides). High Performance Browser Networking contains a full chapter on TLS performance.
Fair Use Sources
Encryption: Cryptography, Symmetric Encryption, Asymmetric Encryption, Public Key Infrastructure (PKI), RSA Encryption, Elliptic Curve Cryptography (ECC), Quantum Cryptography, Homomorphic Encryption, Advanced Encryption Standard (AES), Data Encryption Standard (DES), Triple DES (3DES), Blowfish Encryption, Twofish Encryption, Secure Hash Algorithms (SHA), Message Digest Algorithm 5 (MD5), Digital Signatures, Certificate Authorities (CA), SSL/TLS Encryption, VPN Encryption, Disk Encryption, File Encryption, Email Encryption, Database Encryption, Blockchain Encryption, Zero-Knowledge Proofs, Steganography, Obfuscation, Tokenization, Data Masking, Encrypted Messaging, Secure Coding Practices, Key Management, Key Exchange Algorithms, Diffie-Hellman Key Exchange, Password Hashing, Salted Password Hashing, HTTPS Encryption, End-to-End Encryption, Transport Layer Security (TLS), Quantum Key Distribution (QKD), Random Number Generation, Cloud Encryption, Mobile Device Encryption, Biometric Data Encryption, Payment Card Industry Data Security Standard (PCI DSS) Encryption, Wireless Encryption, IPsec Encryption, Encrypted DNS, Secure File Transfer Protocol (SFTP) Encryption, Secure Shell (SSH) Encryption
SSL/TLS Performance, GitHub Encryption, Awesome Encryption. (navbar_encryption - see also navbar_security, navbar_passwords, navbar_passkeys, navbar_pentesting, navbar_iam)
Access Control, Access Control List, Access Management, Account Lockout, Account Takeover, Active Defense, Active Directory Security, Active Scanning, Advanced Encryption Standard, Advanced Persistent Threat, Adversarial Machine Learning, Adware, Air Gap, Algorithmic Security, Anomaly Detection, Anti-Malware, Antivirus Software, Anti-Spyware, Application Blacklisting, Application Layer Security, Application Security, Application Whitelisting, Arbitrary Code Execution, Artificial Intelligence Security, Asset Discovery, Asset Management, Asymmetric Encryption, Asymmetric Key Cryptography, Attack Chain, Attack Simulation, Attack Surface, Attack Vector, Attribute-Based Access Control, Audit Logging, Audit Trail, Authentication, Authentication Protocol, Authentication Token, Authorization, Automated Threat Detection, AutoRun Malware, Backdoor, Backup and Recovery, Baseline Configuration, Behavioral Analysis, Behavioral Biometrics, Behavioral Monitoring, Biometric Authentication, Black Hat Hacker, Black Hat Hacking, Blacklisting, Blockchain Security, Blue Team, Boot Sector Virus, Botnet, Botnet Detection, Boundary Protection, Brute Force Attack, Brute Force Protection, Buffer Overflow, Buffer Overflow Attack, Bug Bounty Program, Business Continuity Plan, Business Email Compromise, BYOD Security, Cache Poisoning, CAPTCHA Security, Certificate Authority, Certificate Pinning, Chain of Custody, Challenge-Response Authentication, Challenge-Handshake Authentication Protocol, Chief Information Security Officer, Cipher Block Chaining, Cipher Suite, Ciphertext, Circuit-Level Gateway, Clickjacking, Cloud Access Security Broker, Cloud Encryption, Cloud Security, Cloud Security Alliance, Cloud Security Posture Management, Code Injection, Code Review, Code Signing, Cold Boot Attack, Command Injection, Common Vulnerabilities and Exposures, Common Vulnerability Scoring System, Compromised Account, Computer Emergency Response Team, Computer Forensics, Computer Security Incident Response Team, Confidentiality, Confidentiality Agreement, Configuration Baseline, Configuration Management, Content Filtering, Continuous Monitoring, Cross-Site Request Forgery, Cross-Site Request Forgery Protection, Cross-Site Scripting, Cross-Site Scripting Protection, Cross-Platform Malware, Cryptanalysis, Cryptanalysis Attack, Cryptographic Algorithm, Cryptographic Hash Function, Cryptographic Key, Cryptography, Cryptojacking, Cyber Attack, Cyber Deception, Cyber Defense, Cyber Espionage, Cyber Hygiene, Cyber Insurance, Cyber Kill Chain, Cyber Resilience, Cyber Terrorism, Cyber Threat, Cyber Threat Intelligence, Cyber Threat Intelligence Sharing, Cyber Warfare, Cybersecurity, Cybersecurity Awareness, Cybersecurity Awareness Training, Cybersecurity Compliance, Cybersecurity Framework, Cybersecurity Incident, Cybersecurity Incident Response, Cybersecurity Insurance, Cybersecurity Maturity Model, Cybersecurity Policy, Cybersecurity Risk, Cybersecurity Risk Assessment, Cybersecurity Strategy, Dark Web Monitoring, Data at Rest Encryption, Data Breach, Data Breach Notification, Data Classification, Data Encryption, Data Encryption Standard, Data Exfiltration, Data Governance, Data Integrity, Data Leakage Prevention, Data Loss Prevention, Data Masking, Data Mining Attacks, Data Privacy, Data Protection, Data Retention Policy, Data Sanitization, Data Security, Data Wiping, Deauthentication Attack, Decryption, Decryption Key, Deep Packet Inspection, Defense in Depth, Defense-in-Depth Strategy, Deidentification, Demilitarized Zone, Denial of Service Attack, Denial-of-Service Attack, Device Fingerprinting, Dictionary Attack, Digital Certificate, Digital Certificate Management, Digital Forensics, Digital Forensics and Incident Response, Digital Rights Management, Digital Signature, Disaster Recovery, Disaster Recovery Plan, Distributed Denial of Service Attack, Distributed Denial-of-Service Attack, Distributed Denial-of-Service Mitigation, DNS Amplification Attack, DNS Poisoning, DNS Security Extensions, DNS Spoofing, Domain Hijacking, Domain Name System Security, Drive Encryption, Drive-by Download, Dumpster Diving, Dynamic Analysis, Dynamic Code Analysis, Dynamic Data Exchange Exploits, Eavesdropping, Eavesdropping Attack, Edge Security, Email Encryption, Email Security, Email Spoofing, Embedded Systems Security, Employee Awareness Training, Encapsulation Security Payload, Encryption, Encryption Algorithm, Encryption Key, Endpoint Detection and Response, Endpoint Protection Platform, Endpoint Security, Enterprise Mobility Management, Ethical Hacking, Ethical Hacking Techniques, Event Correlation, Event Logging, Exploit, Exploit Development, Exploit Framework, Exploit Kit, Exploit Prevention, Exposure, Extended Detection and Response, Extended Validation Certificate, External Threats, False Negative, False Positive, File Integrity Monitoring, File Transfer Protocol Security, Fileless Malware, Firmware Analysis, Firmware Security, Firewall, Firewall Rules, Forensic Analysis, Forensic Investigation, Formal Methods in Security, Formal Verification, Fraud Detection, Full Disk Encryption, Fuzz Testing, Fuzz Testing Techniques, Gateway Security, General Data Protection Regulation, General Data Protection Regulation Compliance, Governance Risk Compliance, Governance, Risk, and Compliance, Gray Hat Hacker, Gray Hat Hacking, Group Policy, Group Policy Management, Hacker, Hacking, Hardware Security Module, Hash Collision Attack, Hash Function, Hashing, Health Insurance Portability and Accountability Act, Health Insurance Portability and Accountability Act Compliance, Heartbleed Vulnerability, Heuristic Analysis, Heuristic Detection, High-Availability Clustering, Honeynet, Honeypot, Honeypot Detection, Host-Based Intrusion Detection System, Host Intrusion Prevention System, Host-Based Intrusion Prevention System, Hypervisor Security, Identity and Access Management, Identity Theft, Incident Handling, Incident Response, Incident Response Plan, Incident Response Team, Industrial Control Systems Security, Information Assurance, Information Security, Information Security Management System, Information Security Policy, Information Systems Security Engineering, Insider Threat, Integrity, Intellectual Property Theft, Interactive Application Security Testing, Internet of Things Security, Intrusion Detection System, Intrusion Prevention System, IP Spoofing, ISO 27001, IT Security Governance, Jailbreaking, JavaScript Injection, Juice Jacking, Key Escrow, Key Exchange, Key Management, Keylogger, Kill Chain, Knowledge-Based Authentication, Lateral Movement, Layered Security, Least Privilege, Lightweight Directory Access Protocol, Log Analysis, Log Management, Logic Bomb, Macro Virus, Malicious Code, Malicious Insider, Malicious Software, Malvertising, Malware, Malware Analysis, Man-in-the-Middle Attack, Mandatory Access Control, Mandatory Vacation Policy, Mass Assignment Vulnerability, Media Access Control Filtering, Message Authentication Code, Mobile Device Management, Multi-Factor Authentication, Multifunction Device Security, National Institute of Standards and Technology, Network Access Control, Network Security, Network Security Monitoring, Network Segmentation, Network Tap, Non-Repudiation, Obfuscation Techniques, Offensive Security, Open Authorization, Open Web Application Security Project, Operating System Hardening, Operational Technology Security, Packet Filtering, Packet Sniffing, Pass the Hash Attack, Password Cracking, Password Policy, Patch Management, Penetration Testing, Penetration Testing Execution Standard, Perfect Forward Secrecy, Peripheral Device Security, Pharming, Phishing, Physical Security, Piggybacking, Plaintext, Point-to-Point Encryption, Policy Enforcement, Polymorphic Malware, Port Knocking, Port Scanning, Post-Exploitation, Pretexting, Preventive Controls, Privacy Impact Assessment, Privacy Policy, Privilege Escalation, Privilege Management, Privileged Access Management, Procedure Masking, Proactive Threat Hunting, Protected Health Information, Protected Information, Protection Profile, Proxy Server, Public Key Cryptography, Public Key Infrastructure, Purple Teaming, Quantum Cryptography, Quantum Key Distribution, Ransomware, Ransomware Attack, Red Teaming, Redundant Array of Independent Disks, Remote Access, Remote Access Trojan, Remote Code Execution, Replay Attack, Reverse Engineering, Risk Analysis, Risk Assessment, Risk Management, Risk Mitigation, Role-Based Access Control, Root of Trust, Rootkit, Salami Attack, Sandbox, Sandboxing, Secure Coding, Secure File Transfer Protocol, Secure Hash Algorithm, Secure Multipurpose Internet Mail Extensions, Secure Shell Protocol, Secure Socket Layer, Secure Sockets Layer, Secure Software Development Life Cycle, Security Assertion Markup Language, Security Audit, Security Awareness Training, Security Breach, Security Controls, Security Event Management, Security Governance, Security Incident, Security Incident Response, Security Information and Event Management, Security Monitoring, Security Operations Center, Security Orchestration, Security Policy, Security Posture, Security Token, Security Vulnerability, Segmentation, Session Fixation, Session Hijacking, Shoulder Surfing, Signature-Based Detection, Single Sign-On, Skimming, Smishing, Sniffing, Social Engineering, Social Engineering Attack, Software Bill of Materials, Software Composition Analysis, Software Exploit, Software Security, Spear Phishing, Spoofing, Spyware, SQL Injection, Steganography, Supply Chain Attack, Supply Chain Security, Symmetric Encryption, Symmetric Key Cryptography, System Hardening, System Integrity, Tabletop Exercise, Tailgating, Threat Actor, Threat Assessment, Threat Hunting, Threat Intelligence, Threat Modeling, Ticket Granting Ticket, Time-Based One-Time Password, Tokenization, Traffic Analysis, Transport Layer Security, Transport Security Layer, Trapdoor, Trojan Horse, Two-Factor Authentication, Two-Person Control, Typosquatting, Unauthorized Access, Unified Threat Management, User Behavior Analytics, User Rights Management, Virtual Private Network, Virus, Vishing, Vulnerability, Vulnerability Assessment, Vulnerability Disclosure, Vulnerability Management, Vulnerability Scanning, Watering Hole Attack, Whaling, White Hat Hacker, White Hat Hacking, Whitelisting, Wi-Fi Protected Access, Wi-Fi Security, Wi-Fi Protected Setup, Worm, Zero-Day Exploit, Zero Trust Security, Zombie Computer
Cybersecurity: DevSecOps - Security Automation, Cloud Security - Cloud Native Security (AWS Security - Azure Security - GCP Security - IBM Cloud Security - Oracle Cloud Security, Container Security, Docker Security, Podman Security, Kubernetes Security, Google Anthos Security, Red Hat OpenShift Security); CIA Triad (Confidentiality - Integrity - Availability, Authorization - OAuth, Identity and Access Management (IAM), JVM Security (Java Security, Spring Security, Micronaut Security, Quarkus Security, Helidon Security, MicroProfile Security, Dropwizard Security, Vert.x Security, Play Framework Security, Akka Security, Ratpack Security, Netty Security, Spark Framework Security, Kotlin Security - Ktor Security, Scala Security, Clojure Security, Groovy Security;
, JavaScript Security, HTML Security, HTTP Security - HTTPS Security - SSL Security - TLS Security, CSS Security - Bootstrap Security - Tailwind Security, Web Storage API Security (localStorage Security, sessionStorage Security), Cookie Security, IndexedDB Security, TypeScript Security, Node.js Security, NPM Security, Deno Security, Express.js Security, React Security, Angular Security, Vue.js Security, Next.js Security, Remix.js Security, PWA Security, SPA Security, Svelts.js Security, Ionic Security, Web Components Security, Nuxt.js Security, Z Security, htmx Security
Python Security - Django Security - Flask Security - Pandas Security,
Database Security (Database Security on Kubernetes, Database Security on Containers / Database Security on Docker, Cloud Database Security - DBaaS Security, Concurrent Programming and Database Security, Functional Concurrent Programming and Database Security, Async Programming and Databases Security, MySQL Security, Oracle Database Security, Microsoft SQL Server Security, MongoDB Security, PostgreSQL Security, SQLite Security, Amazon RDS Security, IBM Db2 Security, MariaDB Security, Redis Security (Valkey Security), Cassandra Security, Amazon Aurora Security, Microsoft Azure SQL Database Security, Neo4j Security, Google Cloud SQL Security, Firebase Realtime Database Security, Apache HBase Security, Amazon DynamoDB Security, Couchbase Server Security, Elasticsearch Security, Teradata Database Security, Memcached Security, Infinispan Security, Amazon Redshift Security, SQLite Security, CouchDB Security, Apache Kafka Security, IBM Informix Security, SAP HANA Security, RethinkDB Security, InfluxDB Security, MarkLogic Security, ArangoDB Security, RavenDB Security, VoltDB Security, Apache Derby Security, Cosmos DB Security, Hive Security, Apache Flink Security, Google Bigtable Security, Hadoop Security, HP Vertica Security, Alibaba Cloud Table Store Security, InterSystems Caché Security, Greenplum Security, Apache Ignite Security, FoundationDB Security, Amazon Neptune Security, FaunaDB Security, QuestDB Security, Presto Security, TiDB Security, NuoDB Security, ScyllaDB Security, Percona Server for MySQL Security, Apache Phoenix Security, EventStoreDB Security, SingleStore Security, Aerospike Security, MonetDB Security, Google Cloud Spanner Security, SQream Security, GridDB Security, MaxDB Security, RocksDB Security, TiKV Security, Oracle NoSQL Database Security, Google Firestore Security, Druid Security, SAP IQ Security, Yellowbrick Data Security, InterSystems IRIS Security, InterBase Security, Kudu Security, eXtremeDB Security, OmniSci Security, Altibase Security, Google Cloud Bigtable Security, Amazon QLDB Security, Hypertable Security, ApsaraDB for Redis Security, Pivotal Greenplum Security, MapR Database Security, Informatica Security, Microsoft Access Security, Tarantool Security, Blazegraph Security, NeoDatis Security, FileMaker Security, ArangoDB Security, RavenDB Security, AllegroGraph Security, Alibaba Cloud ApsaraDB for PolarDB Security, DuckDB Security, Starcounter Security, EventStore Security, ObjectDB Security, Alibaba Cloud AnalyticDB for PostgreSQL Security, Akumuli Security, Google Cloud Datastore Security, Skytable Security, NCache Security, FaunaDB Security, OpenEdge Security, Amazon DocumentDB Security, HyperGraphDB Security, Citus Data Security, Objectivity/DB). Database drivers (JDBC Security, ODBC), ORM (Hibernate Security, Microsoft Entity Framework), SQL Operators and Functions Security, Database IDEs (JetBrains DataSpell Security, SQL Server Management Studio Security, MySQL Workbench Security, Oracle SQL Developer Security, SQLiteStudio),
Programming Language Security ((1. Python Security, 2. JavaScript Security, 3. Java Security, 4. C Sharp Security | Security, 5. CPP Security | C++ Security, 6. PHP Security, 7. TypeScript Security, 8. Ruby Security, 9. C Security, 10. Swift Security, 11. R Security, 12. Objective-C Security, 13. Scala Security, 14. Golang Security, 15. Kotlin Security, 16. Rust Security, 17. Dart Security, 18. Lua Security, 19. Perl Security, 20. Haskell Security, 21. Julia Security, 22. Clojure Security, 23. Elixir Security, 24. F Sharp Security | Security, 25. Assembly Language Security, 26. Shell Script Security / bash Security, 27. SQL Security, 28. Groovy Security, 29. PowerShell Security, 30. MATLAB Security, 31. VBA Security, 32. Racket Security, 33. Scheme Security, 34. Prolog Security, 35. Erlang Security, 36. Ada Security, 37. Fortran Security, 38. COBOL Security, 39. Lua Security, 40. VB.NET Security, 41. Lisp Security, 42. SAS Security, 43. D Security, 44. LabVIEW Security, 45. PL/SQL Security, 46. Delphi/Object Pascal Security, 47. ColdFusion Security, 49. CLIST Security, 50. REXX);
OS Security, Mobile Security: Android Security - Kotlin Security - Java Security, iOS Security - Swift Security; Windows Security - Windows Server Security, Linux Security (Ubuntu Security, Debian Security, RHEL Security, Fedora Security), UNIX Security (FreeBSD Security), IBM z Mainframe Security (RACF Security), Passwords (Windows Passwords, Linux Passwords, FreeBSD Passwords, Android Passwords, iOS Passwords, macOS Passwords, IBM z/OS Passwords), Password alternatives (Passwordless, Personal Access Token (PAT), GitHub Personal Access Token (PAT), Passkeys), Hacking (Ethical Hacking, White Hat, Black Hat, Grey Hat), Pentesting (Red Team - Blue Team - Purple Team), Cybersecurity Certifications (CEH, GIAC, CISM, CompTIA Security Plus, CISSP), Mitre Framework, Common Vulnerabilities and Exposures (CVE), Cybersecurity Bibliography, Cybersecurity Courses, Firewalls, CI/CD Security (GitHub Actions Security, Azure DevOps Security, Jenkins Security, Circle CI Security), Functional Programming and Cybersecurity, Cybersecurity and Concurrency, Cybersecurity and Data Science - Cybersecurity and Databases, Cybersecurity and Machine Learning, Cybersecurity Glossary (RFC 4949 Internet Security Glossary), Awesome Cybersecurity, Cybersecurity GitHub, Cybersecurity Topics (navbar_security - see also navbar_aws_security, navbar_azure_security, navbar_gcp_security, navbar_k8s_security, navbar_docker_security, navbar_podman_security, navbar_mainframe_security, navbar_ibm_cloud_security, navbar_oracle_cloud_security, navbar_database_security, navbar_windows_security, navbar_linux_security, navbar_macos_security, navbar_android_security, navbar_ios_security, navbar_os_security, navbar_firewalls, navbar_encryption, navbar_passwords, navbar_iam, navbar_pentesting, navbar_privacy, navbar_rfc)
Cloud Monk is Retired ( for now). Buddha with you. © 2025 and Beginningless Time - Present Moment - Three Times: The Buddhas or Fair Use. Disclaimers
SYI LU SENG E MU CHYWE YE. NAN. WEI LA YE. WEI LA YE. SA WA HE.