CompTIA Security+ Exam Notes

CompTIA Security+ Exam Notes
Let Us Help You Pass

Thursday, April 11, 2024

SSL Stripping Attack & Prevention

 SSL Stripping - SSL/TLS Downgrade

This type of attack can be called either of the above names. Pay attention to the question. The question may have stated that the user went to his financial organization's website, https://www.bank.com, but when you look at the logs, the user actually went to http://www.bank.com. 

HTTPS would have used port 443, whereas HTTP will use port 80. That could be another hint that the attack was SSL Stripping or an SSL/TLS downgrade attack.

The ways of preventing these attacks (has to be configured on the server):
  • HSTS (HTTP Strict Transport Security)
  • HTTP security header

No comments:

Post a Comment