Application Security

Krishna Gupta

Is SSL (Secure Sockets Layer) Safe?

Coming from a developer background, to be truthful, I never aimed at making my website secure or safe. I just kept my goal to make it run and to develop a user-friendly frontend. I worked on making it attractive and usable, without even thinking of using SSL to secure the website. Still, my world changed as I read about web application security and how easy it is to get into a web application.

SSL protects our application only from basic attacks, not from the common ones. Hackers have evolved as developers have: they now know better ways to get access to any application, and SSL is not as secure as it looks!

Common Web Application Vulnerabilities

• Broken authentication
• Broken access controls
• SQL injection
• Cross-site scripting
• Information leakage

Things We Can Do by Using a Vulnerability of a Web Application or Server

People do not hack into web applications just for the sake of cracking a vulnerability; access also benefits them in several ways. For example, someone with access to the web application of an online shopping website can change the price of goods to a lower value and buy them. For a short interval of time, they can gain access to online courses and plans. They can even hijack someone's session, retrieve sensitive information about users by accessing the server, and use it against those users for their own benefit.
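The shopping-site case above, as an added example that is not part of the original post: an order handler that trusts a price sent by the client, next to one that takes the price from server-side data. The request would arrive intact over SSL in both cases, which is why encryption alone does not help here. The names `CATALOG`, `place_order_vulnerable`, `place_order_hardened` and `price_mismatch`, the form fields and the quantity limit are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample catalogue: the server-side source of truth, prices in cents.
CATALOG = {"sku-100": 4999, "sku-200": 1250}

@dataclass
class Order:
    sku: str
    quantity: int
    total_cents: int

def place_order_vulnerable(form: dict) -> Order:
    """Trusts the price field in the request body.
    SSL delivers this form unmodified, but the sender chose its contents."""
    qty = int(form["quantity"])
    return Order(form["sku"], qty, int(form["price_cents"]) * qty)

def place_order_hardened(form: dict) -> Order:
    """Ignores any client-supplied price; validates sku and quantity on the server."""
    sku = form.get("sku")
    if sku not in CATALOG:
        raise ValueError("unknown sku")
    try:
        qty = int(form.get("quantity", ""))
    except (TypeError, ValueError):
        raise ValueError("quantity must be an integer") from None
    if not 1 <= qty <= 100:  # assumed business limit; also rejects negative quantities
        raise ValueError("quantity out of range")
    return Order(sku, qty, CATALOG[sku] * qty)

def price_mismatch(form: dict) -> bool:
    """Detection hook: True when the client sent a price that differs from the catalogue."""
    sent = form.get("price_cents")
    return sent is not None and str(sent) != str(CATALOG.get(form.get("sku")))

if __name__ == "__main__":
    # Constructed request body with an altered price field.
    tampered = {"sku": "sku-100", "quantity": "2", "price_cents": "1"}
    print("vulnerable:", place_order_vulnerable(tampered))
    print("hardened:  ", place_order_hardened(tampered))
    print("log as suspicious:", price_mismatch(tampered))
```

Logging the `price_mismatch` result gives the operations side a signal that someone is probing the order form, even though the hardened handler already ignores the field.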

Reason Behind Lack of Security

• People blindly trust that no one is going to hack into their application, but sooner or later someone will attack it for sensitive information.

• Most websites are now built by people sitting at home, so they are low-budget websites with little time invested in them. Their builders can't spend much time thinking about security; they just build the product as soon as they can without thinking of potential attacks on that website.

• One more main reason is the language people use to build their websites, like Java. It is a very old language, built for running small, easy functionality and not for hosting a shopping platform or providing money transfers, crypto transfers, etc. We are extending its use by forcing it to run these things too, which causes security problems and makes it easier for hackers to get in, as flaws in an old language can be used.
