/ DevOps Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Here’s why you can’t trust SSL logos on HTTP pages (even from SSL vendors)

DZone's Guide to

Here’s why you can’t trust SSL logos on HTTP pages (even from SSL vendors)

by
Troy Hunt
·
May. 09, 13 · DevOps Zone
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

“Automated Testing: The Glue That Holds DevOps Together” to learn about the key role automated testing plays in a DevOps workflow, brought to you in partnership with Sauce Labs.

A couple of days ago I wrote about Why I am the world’s greatest lover (and other worthless security claims) and it  really seemed to resonate with people. In short, whacking a seal on your website that talks about security awesomeness in no way causes security awesomeness. Andy Gambles gets that and shared this tweet with me:

@troyhunt so when an SSL vendor is saying stuff like this http://st.cm/18WVy6O does that give us any hope?

So let’s check out exactly what’s going on here and you really need video to understand the fatal flaw in the logic of SSL logos coming down over HTTPS:

So there you go – it can be that simple. How I MiTM’d the page so easily is not really the point, the point is that an SSL logo on an unprotected page is as good as worthless (and frankly they’re not much good on protected pages either).

Learn about the importance of automated testing as part of a healthy DevOps practice, brought to you in partnership with Sauce Labs.

Like This Article? Read More From DZone

A Data Exploration Journey With Cars and Parallel Coordinates
Apply Caching and Offline Storage in your iOS App
Livecoding: 3D Is Hard, WebAR Defeats Me

Free DZone Refcard

Getting Started With Docker
DOWNLOAD
Topics:

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of Troy Hunt, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

DevOps Partner Resources

QA Strategies for Great Software Whatever Your Growth Stage
Uncover your DevOps maturity level in four key areas.
Redefine application release processes and unify your DevOps strategy.
3 Use Cases of How Our DevOps Teams Automate Development
The CTO’s Ultimate Guide to Continuous Testing
Compare Your DevOps Maturity to Your Peers
The DevOps Journey - From Waterfall to Continuous Delivery
The Ultimate Monitoring Tools Landscape
Starting and Scaling DevOps in the Enterprise
Solve the 4 Major Problems with Text Data
Accelerate DevOps Early, Everywhere at Scale
Continue your digital transformation with a Blueprint for Continuous Delivery.

DevOps Partner Resources

QA Strategies for Great Software Whatever Your Growth Stage
Uncover your DevOps maturity level in four key areas.
Redefine application release processes and unify your DevOps strategy.
3 Use Cases of How Our DevOps Teams Automate Development

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone