Securing TLS connections from eavesdropping

It is also important to note that while TLS sessions do offer a secure channel for exchanging data, TLS encryption is not a panacea; it is still possible for a malicious adversary to intercept and decode TLS traffic by using a proxy to perform a man-in-the-middle (MITM) attack:

Figure 1: Using a MITM attack to intercept TLS traffic

The preceding diagram illustrates a scenario where Alice uses her bank's application on her mobile phone to query the balance in her bank account. Eve is a malicious actor trying to intercept the API calls between the application running on Alice's phone and the bank backend ...

Get Hands-On Software Engineering with Golang now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.