Here’s why you can’t trust SSL logos on HTTP pages (even from SSL vendors)
Here’s why you can’t trust SSL logos on HTTP pages (even from SSL vendors)
Join the DZone community and get the full member experience.
Join For FreeCan you release faster without sacrificing quality? See how with our free ebook Strategies for a Successful Test Automation Project and a free trial of Ranorex Studio today!
A couple of days ago I wrote about Why I am the world’s greatest lover (and other worthless security claims) and it really seemed to resonate with people. In short, whacking a seal on your website that talks about security awesomeness in no way causes security awesomeness. Andy Gambles gets that and shared this tweet with me:
So let’s check out exactly what’s going on here and you really need video to understand the fatal flaw in the logic of SSL logos coming down over HTTPS:
So there you go – it can be that simple. How I MiTM’d the page so easily is not really the point, the point is that an SSL logo on an unprotected page is as good as worthless (and frankly they’re not much good on protected pages either).
Get your test automation project off to the right start. Download your free test planning template and a 30-day no-obligation trial of Ranorex Studio today!
Like This Article? Read More From DZone
Published at DZone with permission of Troy Hunt , DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
{{ parent.title || parent.header.title}}
{{ parent.tldr }}
{{ parent.linkDescription }}
{{ parent.urlSource.name }}