Security Testing - HTTPS Protocol Basics


HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) or HTTP over SSL is a web protocol developed by Netscape. It is not a protocol but it is just the result of layering the HTTP on top of SSL/TLS (Secure Socket Layer/Transport Layer Security).

In short, HTTPS = HTTP + SSL

When is HTTPS Required?

When we browse, we normally send and receive information using HTTP protocol. So this leads anyone to eavesdrop on the conversation between our computer and the web server. Many a times we need to exchange sensitive information which needs to be secured and to prevent unauthorized access.

Https protocol used in the following scenarios −

  • Banking Websites
  • Payment Gateway
  • Shopping Websites
  • All Login Pages
  • Email Apps

Basic Working of HTTPS

  • Public key and signed certificates are required for the server in HTTPS Protocol.

  • Client requests for the https:// page

  • When using an https connection, the server responds to the initial connection by offering a list of encryption methods the webserver supports.

  • In response, the client selects a connection method, and the client and server exchange certificates to authenticate their identities.

  • After this is done, both webserver and client exchange the encrypted information after ensuring that both are using the same key, and the connection is closed.

  • For hosting https connections, a server must have a public key certificate, which embeds key information with a verification of the key owner's identity.

  • Almost all certificates are verified by a third party so that clients are assured that the key is always secure.

HTTP Architecture

Useful Video Courses


Ethical Hacking & Cyber Security Online Training

36 Lectures 5 hours

Sharad Kumar


COMPLETE- AWS Security Certification

26 Lectures 2.5 hours

Harshit Srivastava


Cyber Security Guide For Absolute Beginners

47 Lectures 2 hours

Dhabaleshwar Das


LEARNING Cloud Security on Microsoft Azure

14 Lectures 1.5 hours

Harshit Srivastava


Mastering Security Tools on AWS

38 Lectures 3 hours

Harshit Srivastava


Cloud Security with AWS and Microsoft Azure

32 Lectures 3 hours

Harshit Srivastava