TLS
what it does
* authentication: the server (and optionally the client) proves its identity with a certificate, so you know who you are talking to
* data encryption: traffic is unreadable to anyone sitting on the path
* data integrity: any modification of the data in transit is detected and the connection fails
SSL vs TLS vs HTTPS
SSL: Secure Sockets Layer, the original protocol; every SSL version is broken and deprecated, disable it
TLS: Transport Layer Security, the IETF successor to SSL 3.0; use TLS 1.2 or 1.3 (TLS 1.0 and 1.1 are deprecated)
HTTPS: HTTP Secure, plain HTTP carried inside a TLS connection; an "SSL certificate" is just the old name for a TLS certificate
symmetric vs asymmetric encryption
symmetric: one secret key shared by both sides, used to both encrypt and decrypt; fast, so it carries the bulk data; example: AES
asymmetric: a public/private key pair; the public key can be handed to anyone, the private key never leaves its owner
public key for encrypting (and for verifying signatures)
private key for decrypting (and for signing)
example: RSA
in TLS the asymmetric part (certificate, signature, key exchange) only authenticates the server and agrees on a session key; the session data is then encrypted symmetrically. TLS 1.3 no longer encrypts the session key with RSA at all: the key comes from (EC)DHE and RSA is used only for the signature
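The three properties above and the two kinds of keys, shown with the openssl CLI. This is an added example, not part of the original notes; it assumes `openssl` (1.1.1 or 3.x) is on PATH, and every key, passphrase and message in it is constructed for the demo. The symmetric function uses one shared secret both ways; the asymmetric functions encrypt with the public key and decrypt with the private one, then sign with the private key and verify with the public one, and show that a single changed byte makes verification fail (integrity):

```shell
#!/bin/sh
# Added example (not from the original notes). Assumes `openssl` 1.1.1+ is on PATH.
# All keys, passphrases and messages below are constructed for the demo.
set -eu
work="$(mktemp -d)"
trap 'rm -rf "$work"' EXIT
cd "$work"

# Symmetric: the same shared secret encrypts and decrypts (AES-256-CBC, key
# derived from the passphrase with PBKDF2). Whoever has secret.key can do both.
symmetric_roundtrip() {
    printf 'hello over tls' > plain.txt
    printf 'correct horse battery staple' > secret.key     # constructed shared secret
    openssl enc -aes-256-cbc -pbkdf2 -salt -in plain.txt -out plain.enc -pass file:secret.key
    openssl enc -d -aes-256-cbc -pbkdf2 -in plain.enc -pass file:secret.key   # prints "hello over tls"
}

# Asymmetric: a 2048-bit RSA key pair. pub.pem can be published; priv.pem cannot.
make_keypair() {
    [ -f priv.pem ] || openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out priv.pem 2>/dev/null
    openssl pkey -in priv.pem -pubout -out pub.pem
}

# Encrypt with the PUBLIC key; only the holder of the PRIVATE key can decrypt.
# (This is how pre-1.3 TLS shipped the session key; TLS 1.3 uses (EC)DHE instead.)
asymmetric_roundtrip() {
    make_keypair
    printf 'session key material' > msg.txt
    openssl pkeyutl -encrypt -pubin -inkey pub.pem -in msg.txt -out msg.enc
    openssl pkeyutl -decrypt -inkey priv.pem -in msg.enc                     # prints "session key material"
}

# Authentication + integrity: sign with the PRIVATE key, verify with the PUBLIC
# key. Flipping one byte of the message makes the signature check fail.
sign_and_verify() {
    make_keypair
    printf 'session key material' > msg.txt
    openssl dgst -sha256 -sign priv.pem -out msg.sig msg.txt
    openssl dgst -sha256 -verify pub.pem -signature msg.sig msg.txt          # prints "Verified OK"
    printf 'session key materiaL' > tampered.txt                             # one byte changed
    if openssl dgst -sha256 -verify pub.pem -signature msg.sig tampered.txt >/dev/null 2>&1; then
        echo "tampered message accepted"
        return 1
    fi
    echo "tampered message rejected"
}
```

Run the three functions in order from a shell; the comments give the line each one prints. Note that the symmetric step protects only confidentiality: anyone who knows the shared secret can also forge a ciphertext, which is why TLS pairs symmetric encryption with a MAC (or an AEAD cipher) and authenticates the peer with the asymmetric signature first.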
CSR in SSL/TLS
Certificate Signing Request
Generated on the server together with a freshly generated private key. The CSR contains the public key plus identifying information about your domain (Common Name, Subject Alternative Names, Organization, etc.) and is signed with the private key so the CA can check that the requester actually holds it. It is what you send when applying for a certificate from a Certificate Authority (CA); the private key itself never leaves the server. The CA validates that you control the domain, then returns the signed certificate. Modern browsers match the hostname against the SAN list, not the Common Name, so always include the SANs.
MITM attacks
A Man-in-the-Middle (MITM) attack occurs when an attacker intercepts and potentially alters the communication between two parties without their knowledge. The attacker can secretly listen, modify, or inject new data into the communication. Against TLS this means sitting between client and server and presenting the client a certificate of the attacker's own; TLS's authentication property is what defeats it, but only if the client actually validates the certificate.
Protection Against MITM Attacks:
* Use HTTPS (TLS) and make the client validate the certificate chain and the hostname; the attacker can present a certificate for your domain, just not one signed by a trusted CA
* Avoid unsecured or untrusted Wi-Fi, or treat it as hostile
* Use a VPN: this moves the trust boundary to the VPN endpoint; traffic beyond that endpoint is still only as safe as its own TLS
* Enable HSTS: the HTTP Strict-Transport-Security header tells the browser to use HTTPS only for that host (for max-age seconds), so a later http:// request cannot be downgraded and the user cannot click through a certificate warning. The very first visit is unprotected unless the domain is on the browser preload list.
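The CSR and MITM sections above, walked through end to end with the openssl CLI. This is an added example, not part of the original notes; it assumes `openssl` 1.1.1 or 3.x on PATH, and all names are constructed: "Example Root CA" plays the trusted CA, www.example.com the site, and evil.pem the certificate a man-in-the-middle mints for that same name. The site generates a key and a CSR, the CA issues a certificate, and the client-side check (chain to a trusted root plus hostname match) accepts the CA-issued certificate for the right name while rejecting both a wrong name and the attacker's self-signed certificate:

```shell
#!/bin/sh
# Added example, not part of the original notes. Assumes `openssl` 1.1.1 or 3.x is
# on PATH. Names are constructed: "Example Root CA" plays the CA, www.example.com
# the site, and evil.pem the certificate a man-in-the-middle mints for that name.
set -eu
work="$(mktemp -d)"
trap 'rm -rf "$work"' EXIT
cd "$work"

# The CA: its own key plus a self-signed root certificate, the kind of thing a
# browser or OS trust store contains. Extensions are given explicitly so the
# result does not depend on the system openssl.cnf.
make_ca() {
    cat > ca.cnf <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = ca_ext
[dn]
CN = Example Root CA
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 1 \
        -config ca.cnf -keyout ca.key -out ca.pem 2>/dev/null
}

# The site: a fresh key pair and a CSR holding the public key, the subject and
# the SAN. The CSR is signed with the site's private key (proof of possession);
# the private key stays on the server and is never sent to the CA.
make_csr() {
    cat > csr.cnf <<'EOF'
[req]
prompt = no
distinguished_name = dn
req_extensions = san_ext
x509_extensions = san_ext
[dn]
CN = www.example.com
O = Example Corp
[san_ext]
subjectAltName = DNS:www.example.com
EOF
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config csr.cnf -keyout server.key -out server.csr 2>/dev/null
    # check the CSR's self-signature; both openssl versions end the line with "verify OK"
    openssl req -in server.csr -config csr.cnf -noout -verify 2>&1
}

# The CA, after validating control of the domain out of band, issues the
# certificate, copying the SAN from the same config section.
issue_cert() {
    openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -days 1 -sha256 -extfile csr.cnf -extensions san_ext -out server.pem 2>/dev/null
}

# What a client does on connect: the chain must end at a trusted root AND the
# name in the certificate must match the host it asked for.
check_cert() {   # usage: check_cert <cert.pem> <hostname the client connected to>
    if openssl verify -CAfile ca.pem -verify_hostname "$2" "$1" >/dev/null 2>&1; then
        echo trusted
    else
        echo rejected
    fi
}

# A man-in-the-middle can mint a certificate for www.example.com with the very
# same SAN, but cannot get a trusted CA to sign it. (Needs csr.cnf from make_csr.)
make_attacker_cert() {
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 1 \
        -config csr.cnf -keyout evil.key -out evil.pem 2>/dev/null
}

demo() {
    make_ca
    make_csr
    issue_cert
    make_attacker_cert
    echo "CA-issued cert, right name:  $(check_cert server.pem www.example.com)"    # trusted
    echo "CA-issued cert, wrong name:  $(check_cert server.pem login.example.com)"  # rejected
    echo "attacker's self-signed cert: $(check_cert evil.pem www.example.com)"      # rejected
}
```

Call `demo` to run the whole flow. The two `rejected` lines are the MITM defence in one place: a client that skips either the chain check (curl -k, verify=False, a custom TrustManager that accepts everything) or the hostname check would accept evil.pem, and HSTS exists so the browser refuses to let the user override that rejection.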
What is OWASP?
The Open Web Application Security Project (OWASP, since 2023 the Open Worldwide Application Security Project) is a non-profit community that publishes free tools, guides and standards for application security.
Its best-known output is the OWASP Top 10, a standard awareness document for developers and web application security that represents a broad consensus about the most critical security risks to web applications.
top 10 (notes on three of the categories, 2021 edition names)
- Broken Access Control: CORS misconfiguration is one example; enforce authorization server-side on every request, deny by default
- Cryptographic Failures: use TLS for data in transit, encrypt sensitive data at rest, no weak or home-made algorithms
- Injection (SQL, OS command, URL/query parameters): parameterized queries and input validation, backed by source code review