Attacks on HTTPS Connections

Oct. 8, 2017 · ADMIN Magazine · Pen Testing & Audits · Internet security · security

HTTPS couldn't be simpler from a user perspective: If you establish a secure connection (e.g., to a bank) in a web browser via an HTTPS link, your browser initially establishes an unencrypted connection to the specific server (Figure 1). The server identifies itself with a certificate containing its public key and the signature of a trusted third party, called a certificate authority (CA). With its signature, the CA confirms that the key belongs to the server specified in the certificate. Your browser then checks the certificate against a list of CAs that the browser manufacturer trusts. If the certificate wasn't issued by one of these CAs, or the signature isn't correct, or the certificate doesn't match the server, the browser displays a warning and terminates the connection, unless you choose to proceed with the potentially unsafe connection anyway.

Figure 1: A secure connection between client and server.

If the check is successful (or if you agree to the connection despite the error), the browser genera...

http://www.admin-magazine.com/Archive/2016/33/Attacks-on-HTTPS-Connections/(tagID)/2