A (MitM) intercepts a communication between two systems. For example, a Wi-Fi router can be compromised. Man-in-the-middle attack Comparing this to physical mail: If you're writing letters to each other, the mailman can intercept each letter you mail. They open it, read it, eventually modify it, and then repackage the letter and only then send it to whom you intended to sent the letter for. The original recipient would then mail you a letter back, and the mailman would again open the letter, read it, eventually modify it, repackage it, and give it to you. You wouldn't know there's a man in the middle in your communication channel – the mailman is invisible to you and to your recipient. In physical mail and in online communication, MITM attacks are tough to defend. A few tips: Don't just ignore certificate warnings. You could be connecting to a phishing server or an imposter server. Sensitive sites without HTTPS encryption on public Wi-Fi networks aren't trustworthy. Check for HTTPS in your address bar and ensure encryption is in-place before logging in. Learn more OWASP Article: Man-in-the-middle attack Wikipedia: Man-in-the-middle attack The header ( ) can significantly decrease the risk of MITM by instructing browsers to require a whitelisted certificate for all subsequent connections to that website. Public-Key-Pins HPKP View Previous Terms: Block cipher mode of operation Certificate authority Challenge-response authentication Cipher Cipher suite Ciphertext CORS CORS-safelisted request header CORS-safelisted response header Cross-site scripting Cryptanalysis Cryptographic hash function Cryptography CSP CSRF Decryption Digital certificate DTLS (Datagram Transport Layer Security) Encryption Forbidden header name Forbidden response header name Hash HMAC HPKP HSTS HTTPS Key OWASP Preflight request Public-key cryptography Reporting directive Robots.txt Same-origin policy Session Hijacking SQL Injection Symmetric-key cryptography TOFU Transport Layer Security (TLS) Credits Source: https://developer.mozilla.org/en-US/docs/Glossary/MitM Published under license Open CC Attribution ShareAlike 3.0

Mozilla

Glossary of Security Terms: OWASP

Glossary of Security Terms: Key

Read My Stories

Too Long; Didn't Read

CTA: Download the FREE AI Productivity Shift report

Glossary of Security Terms: MitM

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

An Introduction to Firefox’s new Site Isolation Security Architecture

10 Cool CI/CD Tools For Your Project

27 Stories To Learn About Ssl

20 Essential Backend Tools For Developers

3 Most Common Ways to Connect your Node and React Applications

An Introduction to Firefox’s new Site Isolation Security Architecture

10 Cool CI/CD Tools For Your Project

27 Stories To Learn About Ssl

20 Essential Backend Tools For Developers

3 Most Common Ways to Connect your Node and React Applications

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps