Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Don't Fall for These 8 SSL and HTTPS Myths

DZone's Guide to

Don't Fall for These 8 SSL and HTTPS Myths

Don't believe everything you hear. Check out this post where we discuss the biggest misconceptions around HTTPS and SSL certificates.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

Myth #1 – HTTPS Slows Down a Website

The speed factor is held with a very high importance by all web administrators. And, as far as HTTPS websites are concerned, it’s a well-known fact that HTTPS is slightly overhead when compared to HTTP because it has to encrypt data before sending it further.

Myth #2 – Only the Login Page Needs to Be Secured

This is the most common of all the myths listed here. On the Internet, it is just not enough to secure login credentials that you enter on the login page of a website. You also need to worry about all your sensitive information stored at different locations on the website. Experts have pointed out the fact that by not securing your web pages other than the login page, you actually tend to increase the risks of getting your web sessions hijacked by the hackers, especially when using public networks, like the Wi-Fi network available at a coffee shop, airport, etc.

Myth #3 – SSL Certificate Is a Costly Affair

Securing a website with an SSL certificate is no longer a privilege service available only after paying a huge sum of money. Looking close at the present-day SSL market, a buyer can find a variety of digital certificates that come with budget-friendly price tags to make SSL encryption an inexpensive affair. In fact, some smart SSL shopping on the Internet can help you find some really affordable SSL certificates. However, you must be careful about mobile compatibility and limited additional features offered by the cheap SSL certificates.

Myth #4 – Every HTTPS Site Needs to Have Its Own IP Address

This absolutely does not apply when you are dealing with a Wildcard SSL certificate, which enables you to include an unlimited number of sub-domains with just a single IP address.

There are several types of SSL certificates available on the market that have different features to suit your requirements and budget. Normally, a single SSL certificate will secure only one fixed URL, and to secure even a sub-domain, another certificate is needed. And, it tends to get more complicated if there are multiple sub-domains that need to be encrypted. A wildcard SSL certificate is a perfect solution to this situation. It is capable of securing all the traffic of the primary domain and all the sub-domains as well.

Myth #5 – HTTPS Sites Involve No Caching

Many people claim that the browser can never cache the content on HTTPS websites. However, by using response headers, you can prompt web browsers to cache an HTTPS website. These headers differ for each browser.

Myth #6 – SSL Will Not Have Any Effect on SEO

Google announced its decision to make ‘HTTPS’ a ranking signal. This is an attempt by the search engine giant to encourage webmasters to switch to HTTPS from HTTP and help towards making the Internet a more secure medium. Currently, this is a very lightweight ranking signal, but the move does signify a greater shift by Google to encourage encryption across all sites. However, don’t expect your website to shoot up the ranking just by installing an SSL certificate.

Myth # 7 – It Is Difficult to Manage or Migrate an SSL Certificate

The SSL installation procedure may seem a bit confusing initially, but web-hosting control panels with GUI interface easily allow the generation and import of new public and private keys. Any change in your web hosting server or the dedicated IP address invalidates the SSL certificate. But in such cases, you can always request to re-issue the certificate with your SSL provider. The majority of certificate providers almost instantly issue a new certificate after the request is generated, which can be installed onto your new server.

Myth # 8 – Having an SSL Certificate Is a Foolproof Plan to Prevent Hackers

Many users consider an SSL certificate the ultimate web security solution and an attack on such HTTPS websites is a highly unacceptable scenario for them to put up with. What they don’t consider is that an SSL certificate cannot prevent attackers from exploiting other aspects, such as a vulnerable code or software on the website.

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

Topics:
ssl ,myth ,mythbusting ,http ,https ,ssl certificates ,single sign-on ,security

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}