If an application uses an unencrypted HTTP connection to transmit login credentials, an eavesdropper who is suitably positioned on the network will of course be able to intercept them. Depending on the user’s location, potential eavesdroppers may reside: ■ On the user’s local network ■ Within the user’s IT department ■ Within the user’s ISP … Read more
The HTTP protocol uses plain TCP as its transport mechanism, which is unencrypted and so can be intercepted by an attacker who is suitably positioned on the network. HTTPS is essentially the same application-layer protocol as HTTP, but this is tunneled over the secure transport mechanism, Secure Sockets Layer (SSL). This protects the privacy and integrity … Read more
As with any new class of technology, web applications have brought with them a new range of security vulnerabilities. The set of most commonly encountered defects has evolved somewhat over time. New attacks have been conceived that were not considered when existing applications were developed. Some problems have become less prevalent as awareness of them … Read more