Training Camp • Cybersecurity Glossary
SSL Stripping Definition: SSL stripping is a man-in-the-middle attack that downgrades HTTPS to unencrypted HTTP so an attacker can read or alter traffic; HSTS defends against it.
SSL stripping is a man-in-the-middle attack that downgrades a victim's secure HTTPS connection to unencrypted HTTP, allowing the attacker to read and modify traffic in cleartext. The attacker intercepts the initial connection and serves an HTTP version of a site to the victim while maintaining an HTTPS connection to the real server, so the user is often unaware the encryption was removed. HSTS (HTTP Strict Transport Security) and HTTPS-only browsing are the primary defenses against this attack.
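The HSTS defense only holds when the browser actually accepts and stores the policy, so a defender can audit the `Strict-Transport-Security` header a site returns. The following is an added example, not part of the original glossary entry: the function names, the one-year `max-age` threshold and the sample responses are assumptions made for illustration, and parsing follows the rules in RFC 6797.

```python
import re
ONE_YEAR = 31536000  # seconds; threshold assumed by this example for a strong policy

def parse_hsts(value):
    """Parse the header into {directive: value}; None if browsers would ignore it (RFC 6797)."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue
        if name in directives:               # a repeated directive invalidates the header
            return None
        directives[name] = arg.strip().strip('"') or None
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None                          # max-age is required and must be numeric
    directives["max-age"] = int(max_age)
    return directives

def audit_hsts(scheme, header_value):
    """Return a list of findings for one response; an empty list means no issues."""
    if header_value is None:
        return ["missing: no HSTS header, nothing forces HTTPS on later visits"]
    if scheme != "https":
        return ["ignored: HSTS sent over plain HTTP is disregarded by browsers"]
    policy = parse_hsts(header_value)
    if policy is None:
        return ["invalid: header is malformed and will be ignored"]
    findings = []
    if policy["max-age"] == 0:
        findings.append("disabled: max-age=0 removes the stored policy")
    elif policy["max-age"] < ONE_YEAR:
        findings.append("short: max-age below one year")
    if "includesubdomains" not in policy:
        findings.append("subdomains: includeSubDomains not set")
    return findings

# Constructed sample responses (scheme, header value), not captured traffic.
SAMPLES = [
    ("https", "max-age=63072000; includeSubDomains; preload"),
    ("https", "max-age=300"),
    ("http", "max-age=63072000; includeSubDomains"),
    ("https", "includeSubDomains"),
]

if __name__ == "__main__":
    for scheme, value in SAMPLES:
        print(scheme, repr(value), "->", audit_hsts(scheme, value) or "ok")
```

A clean result still leaves the very first visit to a site unprotected unless the domain is on the browser's HSTS preload list, because the policy is only learned from a prior HTTPS response.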