
Security Intermediate

What is Man-in-the-Middle Attack?

An attack where the attacker secretly intercepts and potentially alters communication between two parties who believe they are communicating directly.

MITM attackers position themselves between client and server, intercepting all traffic. On unencrypted networks, they can read passwords, session tokens, and other sensitive data. Advanced attacks can intercept HTTPS by presenting fake certificates, which succeeds only when the client accepts the fake certificate instead of rejecting it.

Prevention includes HTTPS everywhere, certificate pinning, HSTS (HTTP Strict Transport Security), secure WiFi (WPA3), VPNs on public networks, and validating certificate chains. Public WiFi is particularly vulnerable to MITM attacks.
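To check the HSTS item in the list above, the following added example (not from the original page) parses a `Strict-Transport-Security` header value along the lines of RFC 6797 and reports weaknesses a defender would want fixed. The function names, finding labels and the 180-day `MIN_MAX_AGE` threshold are assumptions made for this illustration.

```python
import re

# Simplified RFC 6797 directive grammar: name [ "=" ( token | quoted-string ) ]
_DIRECTIVE = re.compile(r'^([^\s;="]+)(?:\s*=\s*(?:"([^"]*)"|([^\s;"]+)))?$')

MIN_MAX_AGE = 15552000  # 180 days; assumed review threshold, not from the page


def parse_hsts(header_value):
    """Return a dict of lower-cased directives, or None if the header is invalid."""
    directives = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives between semicolons are permitted
        match = _DIRECTIVE.match(part)
        if not match:
            return None
        name = match.group(1).lower()  # directive names are case-insensitive
        if name in directives:
            return None  # a repeated directive invalidates the whole header
        quoted, token = match.group(2), match.group(3)
        directives[name] = quoted if quoted is not None else token
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None  # max-age is the one required directive
    directives["max-age"] = int(max_age)
    return directives


def audit_hsts(scheme, header_value):
    """Return a list of finding labels for one response; ['ok'] if none."""
    if scheme != "https":
        # Browsers ignore HSTS received over plain HTTP, since an
        # on-path attacker could have injected or stripped it.
        return ["ignored-over-http"]
    if header_value is None:
        return ["missing"]
    policy = parse_hsts(header_value)
    if policy is None:
        return ["invalid"]
    findings = []
    if policy["max-age"] == 0:
        findings.append("policy-cleared")  # max-age=0 removes the stored policy
    elif policy["max-age"] < MIN_MAX_AGE:
        findings.append("short-max-age")
    if "includesubdomains" not in policy:
        findings.append("no-includesubdomains")
    return findings or ["ok"]
```

Feed it the scheme and header value from each response your site returns; anything other than `['ok']` leaves a window in which a first or later visit can still be downgraded to HTTP.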

Related Terms

Supply Chain Attack
A cyberattack that targets less-secure elements in the software supply chain to compromise downstream users and organizations.
Vulnerability Scanning
Automated testing that identifies known security weaknesses in systems, applications, and network infrastructure.
SQL Injection
An attack where malicious SQL code is inserted into application queries through user input to access or manipulate the database.
Penetration Testing
An authorized simulated cyberattack on a system to evaluate its security defenses and identify vulnerabilities.
Cryptographic Key Management
The practices and procedures for generating, storing, distributing, rotating, and revoking encryption keys securely.
Certificate Pinning
A security technique that associates a host with its expected TLS certificate or public key, preventing man-in-the-middle attacks with fraudulent certificates.