In recent years, Web site administrators have had to deal with threats that have such names as DROWN, BEAST, FREAK, and Heartbleed (also known as OpenSSL). The odds seem stacked against the honest people who make their content and products available to people on the Web.
As daunting as the challenges are for Web site security, Web administrators can significant reduce their exposure by using a standard set of practices: purchasing an SSL/TLS certificate, using secure source code, and persistently scanning their sites for vulnerabilities. One concern that Web administrators have is mixed content. In many cases, a Web site will have Hypertext Transfer Protocol Secure (HTTP) protection on the landing page or on the point-of-sale page. However, other pages may not have similar protection, or hyperlinks from one page to another may create an opening for man-in-the-middle attacks. The following whitepaper describes how Always-on SSL mitigates this type of threat, and how Symantec offers services and assurances beyond the SSL/TLS certificate.