Unfortunately, all of the attention on SSL has started to create the false impression that simply implementing SSL makes a site safe. After all, when SSL is implemented, a browser indicates that the site is safe by making a small lock icon appear near the URL, turning the URL green, and adding an “s” to the “http” part of the URL. So everything must be good, right?
Not really. SSL is great, but it is simply not enough. The interception of the data packets flowing between visitor and website is only one way internet criminals gain access to sensitive information.
If SSL has not been properly implemented, some content on a site may NOT be covered by the encryption expected. So even though the browser is indicating a secure connection, some of the interactions may not be secure or encrypted at all. There are also potential exploits that can endanger this data exchange. Examples include:
- MIME mis-matches
- Cross-site Scripting
- Clickjacking
All of these are well-known methods used by internet bad actors to extract information being exchanged between websites and users. But all of these can be effectively defended against using relatively simple website security best practices.
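The case described above, where some content on an SSL-protected page is not covered by the encryption, can be checked for mechanically. The following Python check is an added example, not code from the original article; the sample page, the host names and the function name `find_mixed_content` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# (tag, attribute) pairs that make the browser fetch a subresource or submit
# form data. <a href> is plain navigation, so it is deliberately excluded.
FETCH_ATTRS = {
    ("script", "src"), ("img", "src"), ("iframe", "src"), ("audio", "src"),
    ("video", "src"), ("source", "src"), ("embed", "src"), ("object", "data"),
    ("link", "href"), ("form", "action"),
}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in FETCH_ATTRS or not value:
                continue
            # Resolve relative and protocol-relative URLs against the page URL.
            resolved = urljoin(self.page_url, value.strip())
            if urlparse(resolved).scheme == "http":
                self.findings.append((tag, name, resolved))

def find_mixed_content(page_url, html):
    """Return (tag, attribute, url) for every plain-HTTP reference on an HTTPS page."""
    if urlparse(page_url).scheme != "https":
        raise ValueError("page_url must be an https:// URL")
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page (not from the original article).
SAMPLE_HTML = """<html><head>
  <link rel="stylesheet" href="/css/site.css">
  <script src="http://cdn.example.com/lib.js"></script>
  <script src="//cdn.example.com/ok.js"></script>
</head><body>
  <img src="HTTP://images.example.com/logo.png">
  <a href="http://example.org/">plain link, navigation only</a>
  <form action="http://www.example.com/login" method="post"></form>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, url in find_mixed_content("https://www.example.com/", SAMPLE_HTML):
        print(f"insecure <{tag} {attr}>: {url}")
```

Relative and protocol-relative references inherit the page's HTTPS scheme and are not reported; only references that resolve to plain HTTP are.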