Security Encyclopedia

HTTPS

Hyper Text Transfer Protocol Secure is also known as HTTP over TLS (Transport Layer Security). HTTPS adds a Certificate Ecosystem to validate the server identity of a website.

HTTPS utilizes the SSL/TLS protocol to encrypt communications prevent adversaries from intercepting data. It also verifies that the authenticity of the web service as a means of preventing someone from impersonating the service (spoofing).

A case scenario would be navigating to alice.com. As a user I want to confirm that the webpage alice.com is actually from a server that belongs to Alice vs a malicious actor. This is done by validating the certificate in a website against a Certificate Authority. HTTP encrypts the message at the application layer before transmission. In comparison o HTTP, HTTPS encrypts all the contents of a message, including the HTTP headers. The aim of the techniques in HTTPS are to prevent man-in-the-middle (MITM) attacks and eavesdropping.

Example:

“By enabling HTTPS on the company website, our team was able to prevent intruders from listening in on communications.”