This is the title of a recent talk from Ivan Ristic of SSL Labs on common mistakes in the deployment of SSL. This talk expands upon his SSL Threat Model that I posted about a few months ago. The main deployment mistakes Ristic sees for SSL (via SSL Shopper) are:
- Self-signed certificates
- Own CA certificates
- Mixing SSL and plain-text
- Not using secure cookies
- Using incomplete certificates
- Not using EV certificates
- Not using SSL
- Mixed page content
- Different sites on 80 and 443
- Using SSL for “important” bits
- Inconsistent DNS configuration