Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.
Website Security Solutions

Why are so many Web forms unprotected?

Created: 18 Apr 2006 • Updated: 18 Dec 2012 • 2 comments
Tim Callan's picture
0 0 Votes
Login to vote

One thing that continues to amaze me is the very large number of Web forms I see on line that are not protected with any SSL at all. While I do occasionally notice a Web form that actually requests a credit card order and doesn't offer at least the encryption that comes with the presence of an SSL Certificate, I'm not even talking about these gross offenders. What's much more common is the sites requesting information one step down from a credit card in sensitivity that don't bother to make the minimal investment in security for their site visitors that an SSL Certificate entails.

Comments 2 CommentsJump to latest comment

Morgan Collett's picture

The real question is why are so many ____ unprotected - fill in your choice of: vulnerable web servers, databases listening on public ports with default passwords, web applications with bypassable authentication, applications with poorly written code resulting in buffer overflows...

Show me a specific documented case where somebody's data has been stolen by sniffing an unencrypted socket. That's where the compelling case for SSL lies --- until High Assurance becomes implemented, pervasive and understood by the public, and then the authentication part of SSL becomes compelling.

+3
Login to vote
Tim Callan's picture

The trouble with this idea of "show me the case where..." is that it's very hard to see. Identity theft happens. Stolen credit cards happen. How do we track the incidents back to their original security holes? What we need to do is plug the holes when we become aware of them. Because even if we could look into a crystal ball and determine that there were no breaches today, that doesn't mean the exploit won't become popular tomorrow.

-1
Login to vote