Module 1: BSWJ: SSLCaudit
When you connnect to a website like, for instance, Cybrary, your device forms an HTTP (HyperText Transfer Protocol) connection to the web server, retrieves the information, and presents it to you in an easily-interpreted format. However, there isn't any inherent security in HTTP, meaning that attackers can intercept, alter, or simply deny communications over that medium.
To counter this danger, the SSL (Secure Socket Layer) protocol was created to provide transit security for HTTP traffic. While this is still in use by some websites, most modern systems make use of TLS (Transport Layer Security) in order to ensure Confidentiality, Authentication, and Integrity for HTTP traffic.
However, no security system is complete without verification. Enter SSLCaudit. SSLCaudit is an automated tool for testing SSL/TLS connections' vulnerability to MitM attacks. Though it's not the newest tool in a security practitioner's arsenal, it remains a useful and valuable method of ensuring your HTTP security measures aren't themselves vulnerable to attack.
Teaching Assistant George Mcpherson and Vikramajeet Khatri
(Disclaimer: Breaking Stuff with Joe is a Cybrary series that will be running indefinitely. You will not earn CEU/CPE hours by watching any individual 'Breaking Stuff with Joe' episode. However, you can still earn a certificate of completion for each episode completed.)