Security Information and Review

Collection of security information and review

Hardening Web Application Security with SSL

Author : Admin

These days the internet, or World Wide Web, is a network for everyone, with thousands of businesses, large and small. When data travels from one point of the internet to another, it passes through a number of devices such as routers, gateways and other network equipment, and interception is possible at any of these nodes. We therefore need a security protocol that ensures secure transactions between the customer's web browser and the web server. That protocol is SSL/TLS. It provides endpoint authentication and communications confidentiality over the internet using cryptography, and it is designed to prevent eavesdropping, tampering and message forgery.

The SSL protocol runs above TCP/IP, using both symmetric and asymmetric encryption schemes to provide data encryption, server authentication, data integrity and client authentication for TCP/IP-based communication. In an SSL-based transaction, the server sends a certificate to the client system. A certificate is typically issued by a well-known digital certificate issuing company known as a Certificate Authority (CA).

The server also sends a piece of data encrypted with the server's private key. The client therefore holds the following information: a certificate from a known CA, an identity message from the server, and an encrypted digest of the identity message. With the server's public key, the client decrypts the digest. The client then creates its own digest of the identity message and compares it with the digest sent by the server. If the two digests match, the client knows the message came from the holder of the private key that corresponds to the certificate.

Almost any internet service can be protected with SSL. Common ones include webmail and other secure websites such as internet banking and corporate sites, as well as POP, IMAP and SMTP services. Currently, it is recommended to use 128-bit or stronger AES encryption as the cipher. Using a poor cipher can result in fast SSL that is easily compromised.
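The cipher recommendation above can be checked mechanically. The following is an added example, not code from the original article: it uses Python's standard `ssl` module to audit the cipher suites a server context would offer against the "128-bit or stronger AES" floor. The function names, the `ECDHE+AESGCM` policy string and the sample records are assumptions made for illustration.

```python
import ssl

MIN_BITS = 128  # floor taken from the article: 128-bit or stronger AES


def classify(suite):
    """Classify one entry of SSLContext.get_ciphers() against that floor."""
    if suite["strength_bits"] < MIN_BITS:
        return "weak"      # short key, e.g. export-grade or 3DES
    if "AES" not in suite["name"]:
        return "non-aes"   # long enough key, but not AES (RC4, ChaCha20, ...)
    return "ok"


def audit(suites):
    """Group suite names by classification, preserving their order."""
    report = {"ok": [], "non-aes": [], "weak": []}
    for suite in suites:
        report[classify(suite)].append(suite["name"])
    return report


def hardened_context():
    """Server-side context limited to ECDHE key exchange with AES-GCM.

    The policy string is an assumed example. TLS 1.3 suites are managed
    separately by OpenSSL and may still appear in get_ciphers().
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM")
    return ctx


# Constructed sample records in the shape get_ciphers() returns
# (only the two fields the audit reads are included).
SAMPLE = [
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "strength_bits": 256},
    {"name": "AES128-SHA", "strength_bits": 128},
    {"name": "RC4-MD5", "strength_bits": 128},
    {"name": "DES-CBC3-SHA", "strength_bits": 112},
    {"name": "EXP-RC4-MD5", "strength_bits": 40},
]

if __name__ == "__main__":
    print("sample:  ", audit(SAMPLE))
    print("hardened:", audit(hardened_context().get_ciphers()))
```

The `RC4-MD5` record shows why key length alone is not a sufficient check: it reports 128 bits but is not AES, so it lands in the `non-aes` group for manual review.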

 

See the next article for how to implement SSL in the services that we provide to our clients.

Mohamad Widodo

Categories: Web Application Security
Thanks for posting about this, I would love to read more about this topic.
24 July 09 at 06:21