SSL Attacks — When Hackers Use Security Against You

Radware
Radware
Aug 29, 2017 · 1 min read

by Frank Yue

In World War II, the Allies had a significant advantage because they were able to compromise the encryption protocols that the Japanese and Germans used to send sensitive messages. They were able to intercept and decode messages to gain intelligence concerning sensitive military operations.

In today’s Internet Age, malicious hackers are using standard encryption standards that businesses implement to secure their communications. They are sending attacks inside the security protocols that are designed to protect the application.

Secrecy is a two-way street

Organizations use secure sockets layer (SSL) and transport layer security (TLS) to encrypt their internet communications. The encryption protocols are utilized to ensure privacy and ensure data integrity. Unfortunately, the encryption protocols secure all application data, whether it is legitimate or malicious.

Hackers are using the SSL/TLS protocols as a tool to obfuscate their attack payloads. A security device may be able to identify a cross-site scripting or SQL injection attack in plaintext, but if the same attack is encrypted using SSL/TLS, the attack will go through unless it has been decrypted first for inspection.

Read more: http://ow.ly/Nvpv30eKRw8

)

Radware

Written by

Radware

A leading provider of application delivery & cybersecurity solutions ensuring optimal service level for applications in virtual, cloud and SDDCs.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade