A hacker can use different types of attacks such as Packet sniffing or ARP Poisoning to steal your sensitive information
Secure Sockets Layer (SSL) is the most widely used technology for creating a secure communication between the web client and the web server. You must be familiar with http:// protocol and https:// protocol, You might be wondering what they mean. HTTP protocol is used for standard communication between the Web server and the client. HTTPS is used for a secure communication.
Cryptography
If two users want to have a secure communication they can also use cryptography to accomplish it
For example:
TFDVSF=Encrypted Text
SECURE= Decrypted Text
You might be wondering how i Decrypted it, Here i have used Algorithm=+ for the communication and the key is "1", What comes after S is T so as you can see that S is converted into T, What comes After E is F to letter E from the word secure if converted into F and so on, To help you understand this more better I am adding a Video
So If the hacker starts sniffing from between he will get Encrypted text and as the Hacker does not know the keys so he cant decrypt it, but if the attacker or hacker is sniffing from the starting point so he will get the key and can easily Decrypt the data
Standard Communication VS Secure communication
Suppose there exists two communication parties A (client) and B (server)
Standard communication(HTTP)
When A will send information to B it will be in unencrypted manner, this is acceptable if A is not sharing Confidential information, but if A is sending sensitive information say "Password" it will also be in unencrypted form, If a hacker starts sniffing the communication so he will get the password.This scenario is illustrated using the following figure
Secure communication(HTTPS)
In a secure communication i.e. HTTPS the conversation between A and B happens to be in a safe tunnel, The information which a user A sends to B will be in encrypted form so even if a hacker gets unauthorized access to the conversion he will receive the encrypted password (“xz54p6kd“) and not the original password.This scenario is illustrated using the following figure
How is HTTPS implemented?
A HTTPS protocol can be implemented by using Secure Sockets Layer (SSL), A website can implement HTTPS by purchasing SSL certificate.
Which websites need SSL Certificate?
The websites where a private conversation is occurred, Websites related to online transactions or other sensitive information needs to be protected needs to SSL Certificate
How to identify a Secure Connection?
In Internet Explorer and google chrome, you will see a lock icon
If you are making an online transaction through Credit card or any other means you should check if https:// secured communication is enabled.
Subscribe to our Newsletter and receive updates directly via email - Get Ethical hacking and security tips directly to your inbox. Alternatively you can Join our Hackers Community on Facebook, Google+ and Twitter.
Tags:
Security tips
Kindly Bookmark it and Share it with Friends:
8 comments:
Very good article here you discriminable i like this it's perfect stuff to understand ssl certificate and it's work
Thank you Sir.
good article friend keep it up..
Really Nice Article
I Like Your Blog Very Much
@Shahroz Awan
Your welcome, Keep visiting
Thank you for the post.
Good one
Processing transactions securely on the web means that we need to be able to transmit information between the web site and the customer in a manner that makes it difficult for other people to intercept and read. SSL, or secure sockets layer, takes care of this for us and it works through a combination of programs and encryption/decryption routines.