Securing TLS connections from eavesdropping

It is also important to note that while TLS sessions do offer a secure channel for exchanging data, TLS encryption is not a panacea; it is still possible for a malicious adversary to intercept and decode TLS traffic by using a proxy to perform a man-in-the-middle (MITM) attack:

Figure 1: Using a MITM attack to intercept TLS traffic

The preceding diagram illustrates a scenario where Alice uses her bank's application on her mobile phone to query the balance in her bank account. Eve is a malicious actor trying to intercept the API calls between the application running on Alice's phone and the bank backend ...

Get Hands-On Software Engineering with Golang now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.