This page lists the ACSC’s publications on the protection of services that can be accessed via the World Wide Web.
Implementing Certificates, TLS, HTTPS and Opportunistic TLS
Transport Layer Security (TLS) is a widely used encryption protocol which enables parties to communicate securely over the internet. Through the use of certificates and Public Key Infrastructure (PKI), parties can identify each other through a trusted intermediary and establish encrypted tunnels for the secure transfer of information.
Protecting Web Applications and Users
This publication provides advice for web developers and security professionals on how they can protect their existing web applications by implementing low-cost and effective security controls which do not require changes to a web application’s code. These security controls, when applied to new web applications in development, whether in the application’s code or server configuration, form part of the defence-in-depth strategy.
Securing Content Management Systems
Security vulnerabilities within content management systems (CMS) installed on web servers of organisations are often exploited by adversaries. Once a CMS has been compromised, the web server can be used as infrastructure to facilitate targeted intrusion attempts.