Can I securely embed an HTTPS iframe on an HTTP page?

Asked by AndrewJenkins in Cyber Security on Mar 21, 2022

I've seen websites placing HTTPS iframes on HTTP pages.

Are there any security concerns with this? Is it secure to transmit private information like credit card details in such a scheme (where the information is only placed on the HTTPS iframe form, and not on the HTTP parent page)?

Answered by Andrea Bailey

An HTTPS iframe within a page served over HTTP will not allow the user to be sure they are actually using the HTTPS connection that they expect; therefore, this potentially allows the iframe to be hijacked in a simple attack such as an iframe injection. This would allow password harvesting, among other things. Such an attack could begin through a Trojan, a virus, or simply visiting a malicious website.
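
An added example, not part of the answer above: a small Python audit that lists every frame on a page and flags the pattern from the question, an HTTPS frame whose parent page is fetched over HTTP. The URLs and sample HTML are constructed, and `audit_frames` and its verdict labels are hypothetical names chosen for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FrameCollector(HTMLParser):
    """Collects the first <base href> and the src of every <iframe>/<frame>."""
    def __init__(self):
        super().__init__()
        self.base = None
        self.frames = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and self.base is None and attrs.get("href"):
            self.base = attrs["href"]
        elif tag in ("iframe", "frame") and attrs.get("src"):
            self.frames.append(attrs["src"].strip())


def audit_frames(page_url, html):
    """Return a (frame_url, verdict) pair for each frame in the page at page_url."""
    collector = _FrameCollector()
    collector.feed(html)
    base = urljoin(page_url, collector.base) if collector.base else page_url
    parent_scheme = urlsplit(page_url).scheme.lower()
    findings = []
    for src in collector.frames:
        frame_url = urljoin(base, src)  # resolves relative and //host/ URLs
        frame_scheme = urlsplit(frame_url).scheme.lower()
        if frame_scheme not in ("http", "https"):
            verdict = "skipped"  # about:, data: and similar are out of scope
        elif parent_scheme == "https" and frame_scheme == "https":
            verdict = "ok"
        elif parent_scheme == "https":
            verdict = "mixed-content"  # HTTP frame inside an HTTPS parent
        elif frame_scheme == "https":
            verdict = "https-frame-in-http-parent"  # the case in the question
        else:
            verdict = "all-http"
        findings.append((frame_url, verdict))
    return findings


# Constructed sample page, not taken from any real site.
SAMPLE_HTML = (
    '<iframe src="https://pay.example.com/card-form"></iframe>'
    '<iframe src="//widgets.example.net/chat"></iframe>'
    '<iframe src="/local/help.html"></iframe>'
)
```

Calling `audit_frames("http://shop.example.com/checkout", SAMPLE_HTML)` flags the payment frame, while the same HTML audited under an `https://` parent URL reports every frame as `ok`.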

