
Why Should Every eCommerce Website Have an SSL Certificate?

SSL certificates are one of the key cybersecurity practices sites should have in place to protect user and customer data from attack.

Jamie Boote · Jul. 03, 17 · Opinion

In the world of data security, a critical element of working with users is earning their trust. Obtaining, implementing, and properly using an SSL certificate is one way to protect user data. Without a certificate, there is also no easy way to keep the communications between the user and an eCommerce website private from attackers.

What Is Encryption?

Encryption protects data and keeps secrets out of reach of eavesdroppers. It seems like the stuff of movies and television dramas. It’s often portrayed in the media either as some impenetrable obstacle that can’t be overcome without keys or as an easy challenge to solve with rapid typing and a few progress bars.

We encounter encryption all the time on the web. Websites and web browsers are configured to allow for Secure Sockets Layer (SSL), which creates an encrypted link that prevents an attacker from listening in on the traffic and understanding what data is going back and forth. When communicating over an SSL link, a user’s credit card number, social security number, password, and other sensitive information can all safely pass right under an attacker’s nose.

Why Is an Encrypted SSL Link So Important?

When creating an encrypted SSL link, the first step that a user’s web browser takes is to verify that the website on the other end of the connection is who it says it is. Neglecting this first step can lead to a man-in-the-middle (MitM) attack. MitM attacks allow an attacker access to encrypted data by inserting themselves into the middle of the link.

Without a certificate to validate the website, a user might mistakenly connect to an attacker instead. The attacker then completes the loop by creating an encrypted connection to the website and pretends to be the user. Despite the idea that an attacker shouldn’t be able to read the data because it’s encrypted end to end, the connection shenanigans allow the attacker to decrypt data as it moves to and from the website by sitting in the middle.

What Is an SSL Certificate?

An SSL certificate can prevent MitM attacks by ensuring that the user’s web browser connects to a legitimate website. This works through trust delegation. The website provides the browser with a certificate issued by a trusted certificate authority. Only then does the browser trust the website.

There are a handful of certificate authorities. Common browsers support most of these. Occasionally, a browser will remove a certificate authority if it deems it to be untrustworthy.

Just as not all certificate authorities are the same, not all certificates are the same. Here are several certificate varieties:

  • Domain validation is the least expensive certificate to obtain. It covers basic encryption and verification of the ownership of the domain name registration. Additionally, it takes only a few minutes to obtain.
  • Organization validation is a more sizable undertaking. In addition to basic encryption and verification of ownership of the domain name registration, organization validation requires authentication details such as the name and address of the owner. It can take several hours, and up to several days, to receive.
  • Extended validation (EV) provides the highest degree of security. In addition to authenticating the ownership of the domain name registration and entity, extended validation verifies the legal, physical, and operational existence of the entity. It can take a few days, and up to several weeks, to receive.

If an attacker pretends to be the website and lacks a valid certificate, the user’s web browser won’t establish a trusted connection. The browser will also issue a warning to the user cautioning them to be wary of the site.
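The trust check described above can be reproduced offline with the openssl command line. This is an added example, not part of the original article; the CA name, host names, and file names are constructed for the demo, and it assumes an OpenSSL 1.1.1 or later `openssl` binary.

```shell
#!/usr/bin/env bash
# Added example: Demo Root CA, shop.example and other.example are constructed.

# Build a throwaway PKI in directory $1: a trusted CA, the real site's
# CA-signed certificate, and an impostor's self-signed certificate.
make_demo_pki() {
  local d=$1
  # Certificate authority that the client has chosen to trust.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  # Real site: key pair and signing request, then the CA issues the cert.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=shop.example" \
    -keyout "$d/site.key" -out "$d/site.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/site.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/site.pem" 2>/dev/null || return 1
  # Impostor: claims the same name but can only sign its own certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=shop.example" \
    -keyout "$d/fake.key" -out "$d/fake.pem" 2>/dev/null || return 1
}

# Succeeds only if certificate $3 chains to CA file $1 AND names host $2.
is_trusted() {
  openssl verify -CAfile "$1" -verify_hostname "$2" "$3" 2>/dev/null \
    | grep -q ': OK$'
}

# Run the three cases a browser has to tell apart.
demo() {
  local d host cert
  d=$(mktemp -d) || return 1
  make_demo_pki "$d" || { rm -rf "$d"; return 1; }
  while read -r host cert; do
    if is_trusted "$d/ca.pem" "$host" "$d/$cert"; then
      echo "$cert as $host: trusted"
    else
      echo "$cert as $host: REJECTED (browser would warn)"
    fi
  done <<'EOF'
shop.example site.pem
shop.example fake.pem
other.example site.pem
EOF
  rm -rf "$d"
}

demo
```

Only the first case is trusted: the impostor's certificate carries the right name but no signature from the trusted CA, and the genuine certificate is rejected when presented for a host name it was not issued for.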

What Can eCommerce Websites Do to Protect Users?

If your eCommerce website isn’t creating encrypted connections, your customers might not see warnings about untrustworthy SSL connections. However, there may be other warnings. For example, Chrome displays an alert whenever the user is about to send sensitive information or passwords over an unencrypted connection. Without encryption, an attacker might be able to read passwords, credit card information, and other sensitive information the user also sends to the website.

SSL certificates and connections make it easy for eCommerce sites to protect sensitive data. If your website is not currently using encrypted connections, you are putting your customers at risk. SSL certificates are inexpensive and pay for themselves many times over by preventing lost business and data breaches.


Published at DZone with permission of Jamie Boote, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.
