• Can be conducted even if the Web server uses Secure Sockets Layer (SSL)
  – SSL used to authenticate the Web server to the browser
  – SSL used to prevent an attacker from intercepting traffic
  – SSL can be used to authenticate the client with client-side certificates
• Web attacks can occur over an SSL-encrypted connection
  – Account harvesting
  – Undermining session tracking
  – SQL piggybacking