Insecure Communication

Insecure Login

• Sensitive data should never be sent in plaintext!

• Often applications switch to a secure connection after the authorization

• An attacker could just sniff the login and use the gathered information to break into an account

• A good web application always takes care of encrypting sensitive data

• Use Wireshark to sniff the login info since it's being sent in plaintext