I am implementing a web application and the users are expected to submit confidential information via the application. 2FA will be implemented for the mentioned application and the application will only accept traffic via port 443.
While security is the upmost concern, we want to ensure that the application is user friendly and convenient for user to use.
I will like to seek you advice on:
- With the correct deployment of SSL over HTTP, is this sufficient to protect again data leakage?
- in what way will SSL VPN be superior over SSL over HTTP, considering that the application deployed will be web-based.
Thank you for your assistance, in advace.