Application Security Terminology


Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) is a computer networking protocol for securing connections between network application clients and servers over an insecure network, such as the Internet. SSL establishes a secure link between a web server and a browser to transmit data.

To encrypt data, SSL uses two different keys: a public key and a private key. The public key is placed in a file called a certificate signing request (CSR), which also contains your details. Next, the certification authority validates your details and issues you an SSL certificate, which allows you to use SSL. Your web server then matches your SSL certificate to your private key, which allows it to create an encrypted link between the website and the user's web browser.

SSL is especially important for websites where users enter confidential information, such as addresses and credit card numbers. URLs that use an SSL connection begin with https rather than http.
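The certificate steps described above (key pair, CSR, issued certificate, matching the certificate to the private key) can be walked through with the OpenSSL command line. This is an added example, not part of the original glossary entry: it assumes the `openssl` CLI is installed, uses a throwaway local CA in place of a real certification authority, and the host name, CA name and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: key pair -> CSR -> CA-issued certificate -> key/certificate match.
# Host name, CA name and file names are constructed placeholders.
set -eu

# SHA-256 of the public key held in a private key, CSR or certificate.
pubkey_digest() {   # $1 = key|req|x509   $2 = file
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    req)  openssl req  -in "$2" -noout -pubkey ;;
    x509) openssl x509 -in "$2" -noout -pubkey ;;
  esac | openssl dgst -sha256
}

# The private key stays on the server; the CSR carries the public key and subject.
make_key_and_csr() {   # $1 = dir   $2 = host name
  openssl genrsa -out "$1/server.key" 2048 2>/dev/null
  openssl req -new -key "$1/server.key" -subj "/CN=$2" -out "$1/server.csr"
}

# Stand-in for the certification authority: a throwaway local CA signs the CSR.
issue_certificate() {   # $1 = dir
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -set_serial 1 -days 1 -out "$1/server.crt" 2>/dev/null
}

# The match between certificate and private key: both must hold the same public key.
cert_matches_key() {   # $1 = certificate   $2 = private key
  [ "$(pubkey_digest x509 "$1")" = "$(pubkey_digest key "$2")" ]
}

WORK=$(mktemp -d)
make_key_and_csr "$WORK" www.example.test
issue_certificate "$WORK"
openssl verify -CAfile "$WORK/ca.crt" "$WORK/server.crt"
cert_matches_key "$WORK/server.crt" "$WORK/server.key" && echo "certificate matches server.key"

# Failure mode: a certificate paired with the wrong private key is rejected.
openssl genrsa -out "$WORK/other.key" 2048 2>/dev/null
cert_matches_key "$WORK/server.crt" "$WORK/other.key" || echo "other.key does not match"
```

The private key never leaves the working directory in any step; only the CSR, which holds the public key and subject, is handed to the signer.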

Due to numerous protocol and implementation flaws and vulnerabilities, SSL was deprecated for use on the Internet by the Internet Engineering Task Force (IETF) in 2015 and has been replaced by the Transport Layer Security (TLS) protocol. While TLS and SSL are not interoperable, TLS is backwards-compatible with SSL 3.0.