HTTPS – Does it prevent man-in-the-middle and XSS?
Now that you’re already informed about the advantages of HTTPS and why you should use it, let’s drill down to the specifics of how an SSL-encrypted connection can protect your website, your users and your server.
What is a man-in-the-middle attack?
A MITM attack is one in which the attacker sniffs, relays and most likely alters the communication between two network entities that believe they are communicating directly with each other. This attack is extremely common and can be used to steal cookies, passwords and other sensitive information.
How can I prevent it?
Using HTTPS can immediately make things a lot easier. The secure, authenticated connection is based on a public/private key pair: once a certificate is installed, the browser uses the server’s public key to encrypt the information and sends it to the server. On the other side, the server can decrypt it because it holds the private key. The certificate that provides this authentication is issued by a Certificate Authority (like Symantec).
Because of this, even if the attacker is in the middle sniffing your network and trying to get something, all he’s going to see are encrypted packets.
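The following script is an added illustration, not code from the original post. It models the exchange described above with textbook RSA on fixed Mersenne primes (a toy, not a TLS implementation; real TLS uses the certificate's key to authenticate a handshake that agrees a symmetric session key, and the toy stands in for that by encrypting a short session secret directly to the server's public key). It shows the two halves of the protection: a passive sniffer who only holds the ciphertext learns nothing, and an active interceptor who swaps in their own key is stopped only because the browser checks that the certificate carries a signature from a trusted CA. The hostname, the key sizes, the "session-key-16B!" secret and all function names are constructed for this example.

```python
import hashlib

# Fixed toy key material: Mersenne primes chosen so the math runs instantly.
# Real RSA keys use randomly generated primes of 1024+ bits each.
M61, M89, M107, M127, M521 = (2**k - 1 for k in (61, 89, 107, 127, 521))
E = 65537


def generate_keypair(p, q):
    """Textbook RSA: public key (e, n), private key (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # modular inverse (Python 3.8+)
    return (E, n), (d, n)


def encrypt(pub, data):
    """Browser side: encrypt a short secret with the server's public key."""
    e, n = pub
    m = int.from_bytes(data, "big")
    assert m < n, "toy RSA: secret must be smaller than the modulus"
    return pow(m, e, n)


def decrypt(priv, ciphertext):
    """Returns the plaintext as an integer; only the matching private key gives the real one."""
    d, n = priv
    return pow(ciphertext, d, n)


def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data):
    d, n = priv
    return pow(_digest(data), d, n)


def verify(pub, data, signature):
    e, n = pub
    return pow(signature, e, n) == _digest(data)


def _to_be_signed(host, pub):
    e, n = pub
    return f"{host}|{e}:{n}".encode()


def issue_certificate(issuer_priv, subject_pub, host):
    """The issuer vouches for the binding hostname -> public key by signing it."""
    return {"host": host, "pub": subject_pub,
            "sig": sign(issuer_priv, _to_be_signed(host, subject_pub))}


def certificate_is_valid(cert, ca_pub, expected_host):
    """What the browser checks: right hostname, signed by a CA in its trust store."""
    return (cert["host"] == expected_host
            and verify(ca_pub, _to_be_signed(cert["host"], cert["pub"]), cert["sig"]))


def client_send_secret(cert, ca_pub, host, secret, check_cert=True):
    """Verify the presented certificate, then encrypt to the key it contains."""
    if check_cert and not certificate_is_valid(cert, ca_pub, host):
        raise ValueError("certificate not signed by a trusted CA for this host")
    return encrypt(cert["pub"], secret)


def simulate(active_mitm, check_cert):
    """Run one exchange and return the secret if the attacker recovers it, else None."""
    ca_pub, ca_priv = generate_keypair(M127, M521)        # trusted CA
    server_pub, server_priv = generate_keypair(M61, M89)  # legitimate server
    attacker_pub, attacker_priv = generate_keypair(M107, M127)
    host = "www.example.com"
    secret = b"session-key-16B!"  # constructed 16-byte session secret
    secret_int = int.from_bytes(secret, "big")

    if active_mitm:
        # Interceptor presents a self-signed certificate for the same hostname.
        presented = issue_certificate(attacker_priv, attacker_pub, host)
    else:
        presented = issue_certificate(ca_priv, server_pub, host)

    try:
        ciphertext = client_send_secret(presented, ca_pub, host, secret, check_cert)
    except ValueError:
        return None  # browser refused the connection; nothing was sent

    if not active_mitm:
        # Sanity check of the honest path: the real server can read the secret.
        assert decrypt(server_priv, ciphertext) == secret_int

    # The attacker holds the sniffed ciphertext and only their own private key.
    return secret if decrypt(attacker_priv, ciphertext) == secret_int else None


if __name__ == "__main__":
    for mitm in (False, True):
        for check in (True, False):
            print(f"active_mitm={mitm!s:5} check_cert={check!s:5} -> attacker learns: "
                  f"{simulate(mitm, check)}")
```

The only combination in which the attacker recovers the secret is an active interceptor facing a client that skips certificate validation. That is the practical reason the CA signature matters: encryption alone defeats sniffing, but it is the check against the trust store that stops a swapped key, which is also why browser warnings about untrusted certificates should never be clicked through on a production site.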