How to create a secure website
Difference between HTTP and HTTPS and the importance of SSL/TLS protocols
Nowadays the cybersecurity is an important concept that we have to be in consideration if we are users and also if we are owners of websites. In this article, we talk about:
HTTP (HyperText Transfer Protocol) is the protocol over which information is sent from a user’s web browser to the website they are visiting. It follows a request-answer schema between a client and a webserver. The client sends a message request to the server and this sends an answer message. The messages are plain text, which means if someone intercepted the connection, they could see the information sending on the website. This can be dangerous in the case of sensitive data, like credit card numbers, passwords, etc. The URLs in HTTP begin with:
HTTPS (HyperText Transfer Protocol Secure) is the same HTTP protocol combined with a layer of security using TLS (Transport Layer Security) or SSL (Secure Sockets Layer) protocols. These protocols offer protection at three levels:
- Encryption: the exchanged data is encrypted to avoid the information being stolen.
- Data integrity: data cannot be modified or corrupted during transfer without being detected.
- Authentication: demonstrate that the communication to the server is within the correct website.
The URLs in HTTPS begin with:
SSL protocol is an encryption and verification system between the client and the website by using cryptography. It offers a security certificate for the website issued by a certificate authority (CA), which verify that the web address actually belongs to the organization, protecting users from man-in-the-middle attacks. The validity of the certification is limited, and it has to be renewed for a certain time to ensure that it continues to keep up to date with cybersecurity. You can see the SSL certificate at the navbar of the browser next to the URL of the website:
📌 HTTP: HyperText Transfer Protocol
📌 HTTPS: HyperText Transfer Protocol Secure
📌 TLS: Transport Layer Security
📌 SSL: Secure Sockets Layer