Validating x509 certificates c
In these attacks, sniffers have been installed to access unencrypted sensitive data sent on the internal network.
The login page and all subsequent authenticated pages must be exclusively accessed over TLS.
The terms, Secure Socket Layer (SSL) and Transport Layer Security (TLS) are often used interchangeably. However, different versions of SSL and TLS are supported by modern web browsers and by most modern web frameworks and platforms.
For the purposes of this cheat sheet we will refer to the technology generically as TLS.
A TLS stream of communication contains built-in controls to prevent tampering with any portion of the encrypted data.