It’s extremely important for online shopping and e-commerce websites that handle sensitive customer information to ensure that communication between servers and users is encrypted. As we move into the 2020 holiday shopping season, one that is widely expected to shift considerably to digital shopping given the resurgence of the coronavirus, this is more critical than ever. However, a new report from CyberNews found that nearly one-third of analyzed web servers were vulnerable.
CyberNews decided to see if popular online shops take their encryption hygiene seriously. To do this, our Investigation team analyzed the web servers of 2,620 popular online shopping domains for SSL configuration security, as well as their susceptibility to known vulnerabilities related to the Secure Sockets Layer (SSL) encryption protocol.
…to carry out this investigation, we gathered a list of the top 2,620 online shop domains on Google search. We then tested them for their SSL web server configuration security and their susceptibility to six known high-severity SSL vulnerabilities by using the Qualys SSL Server Test service.
We found that even though the absolute majority of online shops follow excellent to good SSL configuration practices in general, almost a third of the web servers we analyzed are susceptible to known SSL vulnerabilities, with the BEAST vulnerability being the most widespread among online shops.
BEAST (short for Browser Exploit Against SSL/TLS) is an attack that allows a threat actor to access the data exchanged between a web server and the user’s web browser.