I’ve worked with SSL extensively, as has any sysadmin that knows what a web server and SSL certs are. But what about the real dirty guts of SSL? Sometimes, topics like this are difficult to grasp, but I found something that made enough sense to me that I re-wrote the process of an SSL session negotiation on a piece of scratch paper just to visualize it. Palisade has a question and answer about SSL which is written in very plain English for an intermediate to understand, and it actually makes complete sense to me! Other quiz questions are also available, although some are a little less interesting to me. Reading about HTTP cache smuggling is interesting (and makes sense, since you can hijack HTTP connections anyway, which can be fun on wireless with airpwn). .NET best practices are not quite as interesting to me right now.