Web Security Considerations

Web Security is very important nowadays. Websites are always prone to security
threats/risks. Web Security deals with the security of data over the internet/network or web
or while it is being transferred to the internet. For e.g. when you are transferring data
between client and server and you have to protect that data that security of data is your web
security.

Hacking a Website may result in the theft of Important Customer Data, it may be the credit
card information or the login details of a customer or it can be the destruction of one’s
business and propagation of illegal content to the users while somebody hacks your website
they can either steal the important information of the customers or they can even propagate
the illegal content to your users through your website so, therefore, security considerations
are needed in the context of web security.

Security Threats:
A Threat is nothing but a possible event that can damage and harm an information system.
Security Threat is defined as a risk that which, can potentially harm Computer systems &
organizations. Whenever an Individual or an Organization creates a website, they are
vulnerable to security attacks.

Security attacks are mainly aimed at stealing altering or destroying a piece of personal and
confidential information, stealing the hard drive space, and illegally accessing passwords. So
whenever the website you created is vulnerable to security attacks then the attacks are
going to steal your data alter your data destroy your personal information see your
confidential information and also it accessing your password.
Explain the working of HTTPS
What is HTTPS?
HTTPS stands for HyperText Transfer Protocol Secure. It is the most common
protocol for sending data between a web browser and a website. It is the secure
variant of HTTP used for communication between the browser and the
webserver. In order to make the data transfer more secure, it is encrypted.
Encryption is required to ensure security while transmitting sensitive information
like passwords, contact information, etc.

How does HTTPS work?

HTTPS establishes the communication between the browser and the webserver.
It uses the Secure Socket Layer (SSL) and Transport Layer Security (TLS)
protocol for establishing communication. The new version of SSL is
TLS(Transport Layer Security) .

HTTPS uses the conventional HTTP protocol and adds a layer of SSL/TLS over
it. The workflow of HTTP and HTTPS remains the same, the browsers and
servers still communicate with each other using the HTTP protocol. However,
this is done over a secure SSL connection. The SSL connection is responsible
for the encryption and decryption of the data that is being exchanged in order to
ensure data safety.

Secure Socket Layer (SSL)

The main responsibility of SSL is to ensure that the data transfer between the
communicating systems is secure and reliable. It is the standard security
technology that is used for encryption and decryption of data during the
transmission of requests.

As discussed earlier, HTTPS is basically the same old HTTP but with SSL. For
establishing a secure communication link between the communicating devices,
SSL uses a digital certificate called SSL certificate.

There are two major roles of the SSL layer –

● Ensuring that the browser communicates with the required server

directly.
 ● Ensuring that only the communicating systems have access to the
messages they exchange.

HTTP transfers data in a hypertext format between the browser and the web
server, whereas HTTPS transfers data in an encrypted format. As a result,
HTTPS protects websites from having their information broadcast in a way that
anyone eavesdropping on the network can easily see. During the transit
between the browser and the web server, HTTPS protects the data from being
accessed and altered by hackers. Even if the transmission is intercepted,
hackers will be unable to use it because the message is encrypted.

It uses an asymmetric public key infrastructure for securing a communication

link. There are two different kinds of keys used for encryption –

1. Private Key: It is used for the decryption of the data that has been
encrypted by the public key. It resides on the server-side and is
controlled by the owner of the website. It is private in nature.
2. Public Key: It is public in nature and is accessible to all the users who
communicate with the server. The private key is used for the decryption
of the data that has been encrypted by the public key.

Advantage of HTTPS
1. Secure Communication: HTTPS establishes a secure communication
link between the communicating system by providing encryption during
transmission.
2. Data Integrity: By encrypting the data, HTTPS ensures data integrity.
This implies that even if the data is compromised at any point, the
hackers won’t be able to read or modify the data being exchanged.
3. Privacy and Security: HTTPS prevents attackers from accessing the
data being exchanged passively, thereby protecting the privacy and
security of the users.
4. Faster Performance: HTTPS encrypts the data and reduces its size.
Smaller size accounts for faster data transmission in the case of
HTTPS.