What is Man-in-the-Middle Attack?

An attack where the attacker secretly intercepts and potentially alters communication between two parties who believe they are communicating directly.

MITM attackers position themselves between client and server so that all traffic flows through them. On unencrypted networks they can read passwords, session tokens, and other sensitive data in transit. More advanced attacks target HTTPS by presenting a forged certificate and relying on the client failing to validate it.

Prevention includes HTTPS everywhere, certificate pinning, HSTS (HTTP Strict Transport Security), secure Wi-Fi (WPA3), VPNs on public networks, and strict validation of certificate chains on the client side. Public Wi-Fi is particularly exposed to MITM attacks because any other user of the network may sit on the path between you and the access point.
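As an added illustration of two of the controls listed above (HTTPS everywhere and HSTS), here is a constructed nginx configuration that is not part of the original page: the first server block is the weak setup that leaves every request readable on the wire, the blocks that follow redirect all plain-HTTP traffic to TLS and send an HSTS header so returning browsers refuse to downgrade. The hostname, document root and certificate paths are placeholders.

```nginx
# Weak: the site is served over plain HTTP, so anyone positioned on the network
# path can read or rewrite every request and response. (Constructed example.)
server {
    listen 80;
    server_name example.com;              # hypothetical hostname
    root /var/www/example;                # hypothetical document root
}

# Hardened, part 1: port 80 does nothing except redirect to HTTPS.
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

# Hardened, part 2: TLS terminates here and HSTS tells browsers that have seen
# this host over HTTPS once to refuse plain HTTP for the next year, including
# for subdomains.
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /etc/ssl/certs/example.com.pem;     # placeholder path
    ssl_certificate_key /etc/ssl/private/example.com.key;   # placeholder path
    ssl_protocols TLSv1.2 TLSv1.3;                          # no legacy TLS/SSL
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    root /var/www/example;
}
```

The `always` parameter makes nginx attach the header to error responses as well as 200s. Note the caveat that HSTS only protects visits after the browser has seen the header over a valid HTTPS connection once; the very first plain-HTTP request is still exposed unless the domain is on the browsers' preload list. You can confirm the header is being sent with `curl -I https://example.com` and checking for the `Strict-Transport-Security` line.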

Related Terms

Session Hijacking
An attack where an adversary takes over a legitimate user session by stealing or predicting the session identifier.
JWT (JSON Web Token)
A compact, self-contained token format used for securely transmitting information between parties as a JSON object.
Data Loss Prevention (DLP)
A strategy and set of tools that detect and prevent unauthorized transmission of sensitive data outside an organization.
OWASP Top 10
A regularly updated list of the ten most critical web application security risks, published by the Open Web Application Security Project.
SAST (Static Application Security Testing)
Automated analysis of source code to find security vulnerabilities without executing the application.
CORS (Cross-Origin Resource Sharing)
A browser security mechanism that controls which web domains can access resources from another domain via HTTP requests.