Security Testing HTTP Protocol
What is the Basic HTTPS Protocol?
HTTPS (Hypertext Transfer Protocol Secure), or HTTP over SSL (Secure Sockets Layer), is a web protocol developed by Netscape. It is not a protocol in its own right; it is simply the result of layering HTTP on top of Secure Sockets Layer (SSL) / Transport Layer Security (TLS).
Simply, HTTPS = HTTP + SSL
When is HTTPS Required?
When we browse, we usually send and receive data using the HTTP protocol. This allows anyone to intrude on the conversation between our computer and the web server. Most of the time we need to exchange sensitive data, which must be secured against illegal access.
The HTTPS protocol is used in the following scenarios:
- Banking Websites
- Payment Gateway
- Shopping Websites
- All Login Pages
- Email Apps
What is the Basic Working of HTTPS?
- The server needs a public key and a signed certificate to use the HTTPS protocol.
- The client requests an https:// page.
- When an https connection is made, the server responds to the initial connection by presenting a list of encryption methods the web server supports.
- In response, the client chooses a connection method, and the server and client exchange certificates to certify their identities.
- After this, the web server and client exchange encrypted data after ensuring that both are using the same key, and then the connection is closed.
- To support https connections, a server must have a public key certificate, which embeds the key information together with a verification of the key owner's identity.
- Nearly all certificates are validated by a third party so that clients are confident that the key is secure forever.
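The certificate checks described above can be sketched in a few lines. This is an added example, not part of the original page: the certificates are constructed samples in the dict layout used by Python's ssl.SSLSocket.getpeercert(), and the names audit_cert, GOOD, OLD_SELF_SIGNED and the example.test hosts are assumptions. It reports the validity period, the host name binding and whether the issuer is a third party.

```python
import ssl
from calendar import timegm

# Constructed samples in the dict layout used by ssl.SSLSocket.getpeercert().
GOOD = {
    "subject": ((("commonName", "shop.example.test"),),),
    "issuer": ((("commonName", "Example Test CA R1"),),),
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Apr  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "shop.example.test"), ("DNS", "*.pay.example.test")),
}
OLD_SELF_SIGNED = {
    "subject": ((("commonName", "intranet.example.test"),),),
    "issuer": ((("commonName", "intranet.example.test"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "intranet.example.test"),),
}
NOW = timegm((2025, 2, 1, 0, 0, 0))  # fixed "current time" so results are repeatable

def _matches(pattern, host):
    """Exact name, or one wildcard as the left-most label (*.example.test)."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def audit_cert(cert, host, now):
    """Report findings only; chain and signature validation stay with the TLS library."""
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    findings = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("expired")
    if not any(_matches(p, host.lower()) for p in names):
        findings.append("hostname mismatch")
    if cert.get("issuer") == cert.get("subject"):
        findings.append("self-issued (issuer equals subject)")
    return findings

if __name__ == "__main__":
    for cert, host in ((GOOD, "shop.example.test"), (GOOD, "pay.example.test"),
                       (OLD_SELF_SIGNED, "intranet.example.test")):
        print(host, audit_cert(cert, host, NOW) or "ok")
```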