SSL Protocols Research Articles

Survey of Attacks against HTTPS: Analysis, Exploitation, and Mitigation Strategies

This research paper aims to provide a comprehensive overview of known attacks against HTTPS, focusing on the SSL and TLS protocols. The paper begins by explaining the working of HTTPS, followed by detailed descriptions of SSL and TLS protocols. Subsequently, it explores common attacks against HTTPS, providing an in-depth analysis of each attack, along with proof-of-concept (PoC) demonstrations. Furthermore, the paper outlines mitigation strategies to address each attack, emphasizing the importance of proactive security measures. Finally, a conclusion is drawn, highlighting the evolving nature of HTTPS attacks and the continuous need for robust security practices.

Enhancing data protection in a web application using Django

This article explores the theme of enhancing data protection in web applications using the Django framework. It identifies the primary vulnerabilities of web applications and analyzes Django's features for defense against attacks such as SQL injections, XSS, CSRF, clickjacking, and data interception. Examining Django's built-in protection mechanisms, the article not only emphasizes their effectiveness against most common attacks but also proposes methods to improve and strengthen security measures. A detailed analysis of Django's authentication module is provided, revealing its key features in ensuring a high level of reliability in user access management. The article describes the stages of password hashing and the logic of its processing. The importance of utilizing HTTPS, SSL, and TLS protocols to enhance the security level of web applications is highlighted. Special attention is given to configuring HTTPS and using security headers, such as HTTP Strict Transport Security (HSTS), which secure connections and prevent data interception attacks. In the analysis of major attack types, including SQL injections, XSS, CSRF, focus is placed on the built-in protection functions of the web system, potential vulnerabilities, and recommendations for improving data security are presented. Additionally, protective measures against clickjacking are discussed, and recommendations for employing intermediary software to effectively counteract such attacks are provided. Emphasis is placed on the necessity of closely monitoring the possibility of page embedding and restricting this functionality to ensure the security of the web system.

Технологии и методы создания систем защищенного информационного обмена

This article presents a description of existing technologies and methods for creating secure information exchange systems. To date, secure information exchange systems are built in accordance with two technologies – VPN technology and cryptographic protocols SSL and TSL, as well as in accordance with combinations of these technologies. The necessity of creating network security systems is considered. The rapid development of network technologies leads to an equally rapid increase in information security risks for companies in both the public and private sectors. The requirements of the legislation of the Russian Federation in the field of ensuring the security of networks are presented. The principles of network security design are described. The analysis of existing projects and implementations of network security was carried out. A description of the existing and methods for constructing secure information exchange systems is given. The technologies for building secure information exchange systems based on VPN technology, as well as the algorithms for building VPN connections – PPTP, IPSec, L2TP, SSTP, OpenVPN, GOST VPN are considered. The most common technical and software information security tools that use VPN to build a secure information exchange are described – the products of the companies InfoTeKS, Security Code, S-Terra. The technology of constructing secure information exchange systems based on SSL and TLS cryptographic protocols is considered. This article identifies the most common problems in building secure information exchange systems – the presence of a large number of manufacturers of information security tools with their own ecosystem, as well as high labor, financial and time costs for ensuring the information exchange of systems of different levels of security, the security of which built on solutions from different vendors.

Enforcing Set and SSL Protocols in E-Payment

Enforcing Set and SSL Protocols in E-Payment

The Use of SSL and TLS Protocols in Providing a Secure Environment for e-commerce Sites

The problem is that e-commerce is not reliable and people are afraid to buy things and make transactions with commercial websites. Only some well-known companies have a known digital document from where it was issued. To solve this problem and to document any individual commercial website, We suggested to design a personal commercial website, it is a website to buy books and enable access to a domain by purchasing it from the digital ocean cloud, then a server is installed in this domain and then we connect it to the digital certification from the website (lets encrypt), where certain software are added to client (certbot, root) server assistant program, and we have linked the server and the certification together via Linux instructions and codes. The commercial website. (PHP3.PHP) has been tested in SSL laboratories and the results are the division of service sites into three categories: current, best current, and worst currently with details of categories, and what are the weaknesses.

ENFORCING SET AND SSL PROTOCOLS IN EPAYMENT

ENFORCING SET AND SSL PROTOCOLS IN EPAYMENT

Enforcing Set and SSL Protocols in E-Payment

The main incentive for the use of electronic commerce (E-commerce) and spread on a large scale is that most of business activities need payment system. As E-commerce requires an efficient payment system which is stable and secure for supporting electronically commerce. This paper proposed to enforce SET, SSL protocols for encrypting e-payment information. It also presented several methods to take under consideration to avoid fraud and keep our site safe.