2 simple discussion questions
- When designing an application with security in mind you do have to think about handling attackers in general. Describe two types of threats that have to be mitigated and the measures that can be implemented to handle these attackers?
- HTTPS is used for encrypting data between client and server. Secure Socket Layer (SSL) had been the traditional protocol used for this role. Why is SSL no longer a viable option? Going forward, why is Transport Layer Security (TLS) the better option?