Web-Security on it-learn.io | IT, Networking & Cybersecurity Bloghttps://blog.it-learn.io/tags/web-security/Recent content in Web-Security on it-learn.io | IT, Networking & Cybersecurity BlogHugoen-usFri, 01 May 2026 00:00:00 +0000SSL Stripping: Downgrading HTTPS to HTTP Without the User Noticinghttps://blog.it-learn.io/posts/2026-05-01-ssl-stripping-downgrading-https-to-http/Fri, 01 May 2026 00:00:00 +0000https://blog.it-learn.io/posts/2026-05-01-ssl-stripping-downgrading-https-to-http/<p>Moxie Marlinspike stood at the podium at Black Hat DC 2009 and demonstrated something that changed how the security community thought about HTTPS. The attack did not crack SSL. It did not exploit a cryptographic weakness. It exploited something far simpler: the gap between when a user types a domain name into their browser and when HTTPS is actually negotiated.</p> <p>That gap — the initial HTTP request — is all an attacker needs.</p>