Saturday, August 21, 2010

Security Testing - Enabling HTTPS doesn’t mean your site is secure


Many people wrongly assume that a site served over HTTPS is very secure.
HTTPS protects the data in transit over the network (Internet), but it does not protect the data before it is sent or after it arrives at the destination.

Because of this gap, attackers can still exploit the server's behavior with HTTP parameter pollution (HPP), SQL injection, cross-site scripting...


Screenshot source: SSL and TLS Essentials: Securing the Web - by Stephen A. Thomas (WILEY)
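As an added example (not part of the original post), the Python sketch below shows a request handler as it runs after TLS has been terminated: the query string it receives is the same whether it travelled over HTTP or HTTPS, so the server-side checks still have to be there. The `users` table, the `name` parameter, the function names and all sample inputs are constructed for illustration.

```python
import html
import sqlite3
from urllib.parse import parse_qs

# Constructed query strings, as the application sees them after TLS decryption.
SQLI = "name=x%27+OR+%271%27%3D%271"
HPP = "name=alice&name=bob"
XSS = "name=%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def make_db():
    """Build a throwaway in-memory table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db


def lookup_unsafe(db, query_string):
    """Weak form: trusts the first value and concatenates it into the SQL text."""
    name = parse_qs(query_string)["name"][0]
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_hardened(db, query_string):
    """Hardened form: returns (status, body) and treats the input as untrusted."""
    values = parse_qs(query_string, keep_blank_values=True).get("name", [])
    if len(values) != 1:
        # HPP: a missing or repeated parameter is rejected, not silently resolved.
        return 400, "exactly one 'name' parameter is required"
    name = values[0]
    # SQL injection: the value is bound as data, never spliced into the statement.
    rows = db.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchall()
    if not rows:
        # XSS: anything echoed back into HTML is encoded on output.
        return 404, "no user named " + html.escape(name)
    return 200, rows[0][0]


if __name__ == "__main__":
    db = make_db()
    print("unsafe, SQLi input:", lookup_unsafe(db, SQLI))
    for label, qs in (("SQLi", SQLI), ("HPP", HPP), ("XSS", XSS)):
        print("hardened,", label, "input:", lookup_hardened(db, qs))
```

None of these functions takes a transport argument, which is the point: encryption on the wire does not change what the application has to validate.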

