Man in the Middle (MITM)
This problem occurs when someone (a hacker) sits between our user and the target website. He captures the requests between the user and the target and tries to extract information from them.
How to Protect
Use HTTPS, SSL
to encrypt the data between the client and the server.
Use HSTS
to inform browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. (This is more secure than simply configuring an HTTP-to-HTTPS (301) redirect on your server, where the initial HTTP connection is still vulnerable to a man-in-the-middle attack.)
reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security