Security Issues and HTTPS
Start course

To really understand how HTML5 works, you need to have some idea of how the internet works. In this first module, web fundamentals, we’ll take a deep dive into the world of http/s, URLs, clients and servers, and security. This first module is mostly theoretical, and there are no practical activities involved with it.  


As the internet has matured, security has become more and more of an issue. But, what are some of the security issues we have to deal with and how is HTTP evolved to stop them? HTTPS is the obvious answer. If a web application simply uses HTTP, then all data sent over the internet can be intercepted and read easily. HTTPS, on the other hand, encrypts the data at the source, which can only be decrypted using the encryption key. To enable HTTPS, web servers have to have a secure socket layer, SSL, certificate purchased from a reputable certification authority, which provide encryption keys. The server holds a private key that is never sent anywhere and a public key, which is returned to any client when a request is made to the server. Further communications can then use the public key on the client to encrypt the data to be sent. This can only be decrypted with the use of the private key, which should be safely stored on the server. At the client end, the public key will only decrypt data that has been encrypted by the private key. This means that the client can be sure that the data received has come from the server. Armed with this knowledge, HTTPS helps prevent against eavesdropping, fabrication, which is also known as the man in the middle attack, and impersonation. First up, eavesdropping. Networking communications are typically actually pretty insecure, especially over the internet, where any information may need to pass through any number of unknown and unaudited networks on the way to its destination. Next up, modification or fabrication. Imagine you're trying to send a message to someone, but on the way it's intercepted and changed. Even worse, imagine someone can fabricate a message to make it look like it's come from you to take advantage of someone on your network. Last up, impersonation. Hackers can sometimes impersonate a system or use it to gain access to resources they aren't actually entitled to. And that's it for this video. HTTP is insecure and has vulnerabilities. HTTPS has been delivered to deal with a few of these and while it's not foolproof, it does add an important layer of defense against hackers and fraudsters.


About the Author
Learning Paths

Ed is an Outstanding Trainer in Software Development, with a passion for technology and its uses and holding more than 10 years’ experience.

Previous roles have included being a Delivery Manager, Trainer, ICT teacher, and Head of Department. Ed continues to develop existing and new courses, primarily in web design using: PHP, JavaScript, HTML, CSS, SQL, and OOP (Java), Programming Foundations (Python), and DevOps (Git, CI/CD, etc). Ed describes himself as practically minded, a quick learner, and a problem solver who pays great attention to detail. 

Ed’s specialist area is training in Emerging Technologies, within Web Development. Ed mainly delivers courses in JavaScript covering vanilla JS, ES2015+, TypeScript, Angular, and React (the latter is authored by Ed) and has delivered on behalf of Google for PWAs. Ed has also developed a new suite of PHP courses and has extensive experience with HTML/CSS and MySQL. 

Ed is responsible for delivering QA’s Programming Foundations course using the Eclipse IDE. His skillset extends into the DevOps sphere, where he is able to deliver courses based around Agile/Scrum practices, version control, and CI/CD.

Covered Topics