HTTPS – Does it prevent man-in-the-middle and XSS?

Now that you’re already informed about the advantages of HTTPS and why you should use it, let’s drill down to the specifics of how an SSL-encrypted connection can protect your website, your users and your server.

What is a man-in-the-middle attack?

A MITM attack is when the attacker sniffs, relays and likely changes the communication between two network entities who believe they’re communicating directly with each other. This attack is extremely common and can be used to steal cookies, passwords and other sensitive information.

How can I prevent it?

Using HTTPS can immediately make things a lot easier. The secure connection with authentication is based on a public/private key pair: when a certificate is installed, the browser uses the public key to encrypt the information and send it to the server. On the other side, the server can decrypt it because it has the private key. The certificate used for authentication is issued by a Certificate Authority (like Symantec).

Because of this, even if the attacker is in the middle sniffing your network and trying to get something, all he’s going to see are encrypted packets.
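The protection described above depends on the client actually checking the CA-issued certificate. The following Python sketch is an added example, not code from the original article: it puts a client TLS configuration that authenticates the server beside one that only encrypts, and reports what the weak one skips. The function names are assumptions made for illustration.

```python
import ssl


def verified_client_context() -> ssl.SSLContext:
    # Library defaults: the chain must validate to a trusted CA and the
    # certificate must match the host name the client asked for.
    return ssl.create_default_context()


def unverified_client_context() -> ssl.SSLContext:
    # Weak setting, shown for contrast: traffic is still encrypted, but the
    # client accepts any certificate, so it cannot tell who holds the key.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def authentication_gaps(ctx: ssl.SSLContext) -> list:
    """List the server-authentication checks this client context skips."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("certificate chain is not validated against trusted CAs")
    if not ctx.check_hostname:
        gaps.append("certificate is not matched to the requested host name")
    return gaps


if __name__ == "__main__":
    for label, ctx in (("verified", verified_client_context()),
                       ("unverified", unverified_client_context())):
        gaps = authentication_gaps(ctx)
        print(label, "->", "no gaps" if not gaps else "; ".join(gaps))
```

A context that reports any gap still produces encrypted packets on the wire, but it gives no assurance about which party is on the other end of the connection.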


How does DNS work? Types and operating modes

As part of the anatomy of a URL, as we explained here, there is one important item with lots of ramifications: the Domain Name.

The Domain Name in a URL is part of DNS (Domain Name System), which is a name management system for network-connected resources. It basically translates human-readable domain names into the numerical IP addresses needed for locating and identifying clients and servers throughout a network.


