Why you should only be using websites and web apps with SSL certificates!
Tristan McGowan
Cyber Security Researcher @ Stealth Mode Start-up | Cybersecurity, SecOps, Automation, ML & AI
As you may or may not know, every website should have an SSL certificate installed.
What is SSL, and why should I only use sites that have it?
SSL (Secure Sockets Layer) is what encrypts the connection between your browser and the server. Encryption ensures that information sent to and from your computer stays secure along the way. If someone were to intercept this data somehow (which would be very difficult for them), they wouldn't be able to read it because it's encrypted.
You want to use websites or web apps with SSL certificates because if someone has bad intentions, they could steal sensitive information such as passwords passed along during HTTP requests, which are unencrypted by default. This means that if you were to set up a website (such as a login page) where users enter their password, people could easily steal said passwords by "sniffing" the unencrypted traffic.
Unencrypted traffic is not only an issue on computers either - many governments and ISPs attempt to monitor people's internet activity to track what they do and who they talk to. ISPs and governments do this without user consent, which people often refer to as "mass surveillance."
For example, if you were a government authority or an ISP, you could use a man-in-the-middle (MITM) attack to monitor the communication between two parties. However, this can be prevented with SSL. You should be aware that they can still see the connection between your browser and the server; the only difference is they cannot read the data in the sessions when they are encrypted via SSL.
So if security is so important, why are SSL certificates not used everywhere? The answer is simple; it's usually not free.
Firstly, you would have to buy a certificate for your website for the browser to provide encryption between both parties, and secondly, it costs money to run a server that can serve over HTTPS (SSL) connections. It's relatively expensive, but if you are running an online e-commerce website or web application where you store user information, you should be using SSL.
If an HTTP POST request is used to access your website or web app, the URL will look like this: https://www.mysite.com/myloginpage.html. The browser will send this request in plain text, and it could be intercepted by anyone with access to the network, allowing them to view the request payload. Many times this payload contains sensitive information about the end-user, such as a username and password. Once the person has this information, they can attempt to mimic your website or web application by logging in with the stolen credentials, allowing them access to potentially sensitive data.
On the other hand, if an HTTP GET request is used to access your website or web app using HTTPS (SSL), the URL will look like this: https://www.mysite.com/myloginpage.html?username=someuser&password=somepassword. This is even more dangerous than the HTTP POST request because the URL is sent in plain text over the internet and could be intercepted by an attacker. This threat can easily be mitigated by using HTTPS throughout your website or web app, which will encrypt all of the requests sent to and from it, making them unusable to any spyware or virus scanning software.
For this reason, as an end-user, you should make sure that you are using websites and web apps that support the HTTPS protocol as much as possible. This will keep your login details and other data like personal information out of harm's way from man-in-the-middle attacks or any spyware that might be crawling up your network connection.
It is also essential to never enter your payment or personally identifiable information on any web form not secured with an SSL certificate. These forms are considered compromised since the data that is sent from them will be visible for everyone to see. You should only ever enter this type of information on a website or web app that takes your privacy seriously enough to use an SSL certificate.
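The login-form checks discussed above, as an added example that is not part of the original article: a Python script that scans a page's HTML for forms with a password field and flags those loaded or submitted without HTTPS, or submitted with GET so the password lands in the URL. The sample HTML is constructed, and `FormAuditor` and `audit_login_forms` are hypothetical names chosen for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormAuditor(HTMLParser):
    """Collects every <form> on a page and notes whether it has a password input."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # No action means "submit to this page"; no method means GET.
            self._current = {
                "action": urljoin(self.page_url, a.get("action") or ""),
                "method": (a.get("method") or "get").lower(),
                "has_password": False,
            }
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None

def audit_login_forms(page_url, html):
    """Return (action_url, findings) for each password form found in html."""
    parser = FormAuditor(page_url)
    parser.feed(html)
    results = []
    for form in (f for f in parser.forms if f["has_password"]):
        findings = []
        if urlparse(page_url).scheme != "https":
            findings.append("page served without HTTPS")
        if urlparse(form["action"]).scheme != "https":
            findings.append("credentials submitted without HTTPS")
        if form["method"] != "post":
            # Query strings are kept in browser history and server logs.
            findings.append("GET form puts password in the URL")
        results.append((form["action"], findings))
    return results

# Constructed sample page: a POST login form, a GET login form, a search form.
SAMPLE_HTML = """
<form action="/login" method="post"><input name="username"><input type="password" name="password"></form>
<form action="https://www.mysite.com/login"><input type="password" name="password"></form>
<form action="/search"><input name="q"></form>
"""
```

Calling `audit_login_forms("http://www.mysite.com/myloginpage.html", SAMPLE_HTML)` reports both password forms, while the search form is ignored.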
Thank you for taking the time to read this awesome techie article! If you have any questions or comments, please comment below.
Stay safe out there!