HTTP

HTTP stands for Hypertext Transfer Protocol. It is the foundation of data communication on the World Wide Web and is used to send and receive messages, usually in the form of HTML documents, between clients and servers. When you enter a website’s URL into your web browser, your computer sends an HTTP request to the server that hosts the website. The server then responds with the requested webpage, which your browser displays for you.

This protocol has a weakness: the data is transmitted in plain text. If we enter our credentials on an HTTP website, they are sent to the server unencrypted, so anyone positioned between the client and the server can intercept the transmission and read, copy, and misuse them.

HTTPS

HTTPS stands for HTTP Secure. It is a secure version of HTTP, the protocol used to send and receive data on the World Wide Web. HTTPS uses a secure SSL/TLS connection to encrypt data sent between a web server and a client, such as a web browser. This encryption helps protect against eavesdropping and tampering with the data.

In addition to encryption, HTTPS also provides authentication. This means that when you connect to a website using HTTPS, you can be sure that you are communicating with the website you intended to connect to, and not with an imposter.

HTTPS is commonly used to protect sensitive information, such as online banking transactions and online shopping orders. Most web browsers display a padlock icon in the address bar to indicate when a website is using HTTPS.

HSTS

HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps protect against man-in-the-middle attacks. It is implemented by sending an HTTP header to a web browser, which instructs the browser to only communicate with the server using HTTPS, rather than HTTP.

HSTS can help protect against SSL stripping attacks, where an attacker intercepts a connection and downgrades it to unencrypted HTTP. By specifying that a web server should only be accessed using HTTPS, HSTS helps ensure that the connection is always encrypted, even if an attacker tries to downgrade it.
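The header in question is `Strict-Transport-Security`. The following added example (not part of the original post) parses its value along the lines of RFC 6797 and flags configurations that leave the policy ineffective; the `MIN_MAX_AGE` threshold, the finding strings and the sample responses are assumptions made for illustration.

```python
MIN_MAX_AGE = 15552000  # assumed audit threshold (180 days), not from the page

def parse_hsts(value):
    """Parse an HSTS header value (RFC 6797); None means a browser ignores it."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if not name:
            continue
        if name in seen:  # a repeated directive invalidates the whole header
            return None
        seen.add(name)
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # max-age may be written as a quoted string
        if name == "max-age":
            if not (arg.isascii() and arg.isdigit()):
                return None
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":  # de facto directive used by browser preload lists
            policy["preload"] = True
    return policy if policy["max_age"] is not None else None

def audit(scheme, headers):
    """Return findings for one response, given its URL scheme and header dict."""
    value = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    if value is None:
        return ["missing: no HSTS policy, the browser may still use HTTP"]
    if scheme != "https":
        return ["ignored: browsers disregard HSTS received over plain HTTP"]
    policy = parse_hsts(value)
    if policy is None:
        return ["invalid: malformed header, browsers will ignore it"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("disabled: max-age=0 tells the browser to drop the policy")
    elif policy["max_age"] < MIN_MAX_AGE:
        findings.append("short: policy expires after %d seconds" % policy["max_age"])
    if not policy["include_subdomains"]:
        findings.append("subdomains: includeSubDomains is not set")
    return findings

if __name__ == "__main__":
    # Constructed responses, not captured from any real site.
    print(audit("https", {"Strict-Transport-Security": "max-age=300"}))
    print(audit("http", {"Strict-Transport-Security": "max-age=31536000"}))
```

An empty list from `audit` means the response carries a valid, long-lived policy that also covers subdomains.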
