It is worth noting that SSL is only one piece of your web security. It offers a great way to protect your data as it flows between the client and the server as well as providing a check to ensure the server is who you think it is but it is only a piece of the security puzzle. Often people will think just by having SSL enabled their site is now secure but this is just not the case. You still have to worry about
- Url tampering
- Sql injection
- Social Engineering
- Incorrectly implemented authentication
to name just a few.
The Open Web Application Security project lists out the top 10 security flaws on most websites are for the year.
Here is a good video on how SSL works.