WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Security tool for monitoring HTTPS traffic?

From: "John Floyd" <john.floyd () us-kavado com>
Date: Thu, 26 Feb 2004 12:23:31 -0800
There are Application Layer firewalls which can inspect HTTPS traffic to
assure that the communications coming in are not maliscious attacks via
the web browser.  These types of solutions will decrypt the traffic,
inspect it, and then either re-encrypt or not, and send back to your web
server. 

http://www.infoworld.com/article/04/02/06/06FEsecureapp_1.html 

Cheers

John

-----Original Message-----
From: Altheide, Cory B. (IARC) [mailto:AltheideC () nv doe gov] 
Sent: Thursday, February 26, 2004 11:23 AM
To: webappsec () securityfocus com
Subject: RE: Security tool for monitoring HTTPS traffic?



-----Original Message-----
From: John Reilly [mailto:JReilly () eSpatial com]
Sent: Wednesday, February 25, 2004 2:19 AM
To: webappsec () securityfocus com
Subject: RE: Security tool for monitoring HTTPS traffic?





I have a similar question too!

Are they products they can look inside HTTPS traffic? Some customers



doesn't trust HTTPS traffic going inside the company over the proxy!


There is no way to look at the plain text content inside the
https traffic - that would defeat the whole purpose of https.  

Regards,
John


This is false.

If there were no way to look at the plain text content inside of HTTPS
traffic it would be exceedingly difficult for the intended recipient to
do anything useful with said HTTPS traffic (ie, one-way encryption).

Cory Altheide
Senior Network Forensics Specialist
NNSA Information Assurance Response Center (IARC) altheidec () nv doe gov
Previous By Date Next
Previous By Thread Next

Current thread: