Eric Lewis, profile picture
Uploaded byEric Lewis
PPTX, PDF801 views

HTTPS and YOU

HTTPS provides encryption for HTTP requests and responses to protect data from intermediaries. It encrypts all data except the destination address and uses server certificates and encryption between the browser and server to authenticate identity and enable secure communication. While HTTPS does not prevent brute force attacks, it protects against eavesdropping, content spoofing, and helps websites rank higher on search engines. Certificate Authorities verify server identities and issue signed certificates that browsers recognize to establish encrypted connections.

Embed presentation

Downloaded 15 times
HTTPS and YOU
What is HTTP? (or, how does the Internet work?)
How HTTP works HTTP request I want to see a webpage nytimes.com/index.html
How HTTP works HTTP request HTTP Response Here’s the content of index.html
Why is HTTP insecure?
Request data is unencrypted, and servers don’t need to provide their identity over HTTP
HTTP is unencrypted. The data can be read by any intermediary. HTTP request Insecure wifi Attacker can read the user’s HTTP request and response. “Hmm, looks like Eric is interested in Twitter stock…” I want to see a webpage nytimes.com/twitter- stock-plummets/
HTTP is unencrypted. The data can be read by any intermediary. HTTP request Insecure wifi I wonder what a jorf is… Log into my WordPress site with my username “eric” and my password “jorf”
HTTP request I want to see a webpage nytimes.com/index.html An attacker can catch the request (DNS Spoofing, etc) HTTP doesn’t require server identification. Any intermediary can spoof a request.
HTTP request The attacker returns spoofed content of index.html which says Russia bombed the U.S. HTTP Response HTTP doesn’t require server identification. Any intermediary can spoof a request.
What security does HTTPS provide?
All data in the request is encrypted, except the delivery address. HTTPS request Send to 182.23.194.39 Fwu3489fehu9fr93wehufu9ef89y3 hu9efhiufhr803 (encrypted request data) I want to see a webpage nytimes.com/index.ht ml
All data in the request is encrypted, except the delivery address. HTTPS request Send to 212.39.10.88 sdfj83jof83hfajnksdc83hud08duh3 8dhe8y38h383 (encrypted response data) HTTPS response Here’s the content of index.html
HTTPS request HTTPS is encrypted. The data can’t be read by any intermediary. Insecure wifi Attacker can eavesdrop on the encrypted conversation, but doesn’t understand it. Log into my WordPress site with my username “eric” and my password “jorf” Send to 182.23.194.39 Fwu3489fehu9fr9ufu9ef89 y3hu9efhiufhr803 (encrypted request data)
I want to see a webpage nytimes.com/index.html The attacker can’t spoof the server’s identification. HTTPS requires server identification. An intermediary can’t spoof a request. HTTPS request
Only the server with valid identification can respond to the request. HTTPS requires server identification. An intermediary can’t spoof a request. HTTPS request HTTPS request
“What if I don’t care about security?”
“What if I don’t care about security?” • Google gives an SEO boost for HTTPS sites.
“What if I don’t care about security?” • Google gives an SEO boost for HTTPS sites. • Your site can be faster on HTTPS with HTTP/2, which requires HTTPS.
“What if I don’t care about security?” • Google gives an SEO boost for HTTPS sites. • Your site can be faster on HTTPS with HTTP/2, which requires HTTPS. • New browser features and APIs limited to HTTPS sites.
What is HTTPS not?
Try logging into a WordPress site as “eric” with password “a” HTTPS does not protect from brute force attacks.
Now try logging into a WordPress site as “eric” with password “b” HTTPS does not protect from brute force attacks.
How does HTTPS work?
How does HTTPS work? A server needs an SSL certificate and a private key.
During the HTTPS handshake… Server sends SSL certificate.
An SSL certificate includes a digital signature to identify the server, and a public key to assist with encryption.
Browser and server negotiate encryption with private/public key encryption
Certificate Authority (CA). A trusted organization.
How can a server provide identity? I really am nytimes.com, not some middle-man hacker!
Certificate Authority verifies a server. I really am nytimes.com, not some middle-man hacker! Yes, we verified you are.
After verification, a Certificate Authority provides an SSL certificate. Here’s an SSL certificate.
The digital signature proves that the CA created the certificate.
Browsers trust SSL certificates created by specific Certificate Authorities.

More Related Content

PDF
WPNYC: Moving your site to HTTPS
byPaul Schreiber
 
PPTX
BrightonSEO Sep 2015 - HTTPS | Mark Thomas
byAnna Morrison
 
PDF
Modern API Security with JSON Web Tokens
byJonathan LeBlanc
 
PDF
Introduction to JWT and How to integrate with Spring Security
byBruno Henrique Rother
 
PDF
HTTPS: All you need to know
byOVHcloud
 
PPTX
Building Secure User Interfaces With JWTs (JSON Web Tokens)
byStormpath
 
PDF
Crypto workshop part 1 - Web and Crypto
byhannob
 
PDF
OAuth Hacks A gentle introduction to OAuth 2 and Apache Oltu
byAntonio Sanso
 
WPNYC: Moving your site to HTTPS
byPaul Schreiber
 
BrightonSEO Sep 2015 - HTTPS | Mark Thomas
byAnna Morrison
 
Modern API Security with JSON Web Tokens
byJonathan LeBlanc
 
Introduction to JWT and How to integrate with Spring Security
byBruno Henrique Rother
 
HTTPS: All you need to know
byOVHcloud
 
Building Secure User Interfaces With JWTs (JSON Web Tokens)
byStormpath
 
Crypto workshop part 1 - Web and Crypto
byhannob
 
OAuth Hacks A gentle introduction to OAuth 2 and Apache Oltu
byAntonio Sanso
 

What's hot

PDF
Using OAuth with PHP
byDavid Ingram
 
PPTX
Token Based Authentication Systems with AngularJS & NodeJS
byHüseyin BABAL
 
PDF
JSON Web Token
byDeddy Setyadi
 
PDF
2016 pycontw web api authentication
byMicron Technology
 
PDF
Json web token api authorization
byGiulio De Donato
 
PPTX
JWT Authentication with AngularJS
byrobertjd
 
PDF
Integrity protection for third-party JavaScript
byFrancois Marier
 
PPTX
Securing Single Page Applications with Token Based Authentication
byStefan Achtsnit
 
PDF
Integrity protection for third-party JavaScript
byFrancois Marier
 
PDF
muCon 2016: Authentication in Microservice Systems By David Borsos
byOpenCredo
 
KEY
第0回ワススタ!! #wasbookを読もう
byTatsuya Tobioka
 
PPTX
Secure socket layer
byBU
 
PPTX
REST Service Authetication with TLS & JWTs
byJon Todd
 
PDF
20190516 web security-basic
byMksYi
 
PDF
Authentication: Cookies vs JWTs and why you’re doing it wrong
byDerek Perkins
 
PDF
What the Heck is OAuth and Open ID Connect? - UberConf 2017
byMatt Raible
 
PPTX
API Security : Patterns and Practices
byPrabath Siriwardena
 
PDF
Insecurity-In-Security version.1 (2010)
byAbhishek Kumar
 
PPTX
Micro Web Service - Slim and JWT
byTuyen Vuong
 
PDF
2018 ecuador deconstruyendo y evolucionando la seguridad en servicios rest
byCésar Hernández
 
Using OAuth with PHP
byDavid Ingram
 
Token Based Authentication Systems with AngularJS & NodeJS
byHüseyin BABAL
 
JSON Web Token
byDeddy Setyadi
 
2016 pycontw web api authentication
byMicron Technology
 
Json web token api authorization
byGiulio De Donato
 
JWT Authentication with AngularJS
byrobertjd
 
Integrity protection for third-party JavaScript
byFrancois Marier
 
Securing Single Page Applications with Token Based Authentication
byStefan Achtsnit
 
Integrity protection for third-party JavaScript
byFrancois Marier
 
muCon 2016: Authentication in Microservice Systems By David Borsos
byOpenCredo
 
第0回ワススタ!! #wasbookを読もう
byTatsuya Tobioka
 
Secure socket layer
byBU
 
REST Service Authetication with TLS & JWTs
byJon Todd
 
20190516 web security-basic
byMksYi
 
Authentication: Cookies vs JWTs and why you’re doing it wrong
byDerek Perkins
 
What the Heck is OAuth and Open ID Connect? - UberConf 2017
byMatt Raible
 
API Security : Patterns and Practices
byPrabath Siriwardena
 
Insecurity-In-Security version.1 (2010)
byAbhishek Kumar
 
Micro Web Service - Slim and JWT
byTuyen Vuong
 
2018 ecuador deconstruyendo y evolucionando la seguridad en servicios rest
byCésar Hernández
 

Viewers also liked

PDF
The Automation and Proliferation of Military Drones and the Protection of Civ...
byAngelo State University
 
PPT
рисинка
bydou188
 
PPTX
Commodore 64 Mon Amour
byCodemotion
 
PDF
Let's go HTTPS
byCodemotion
 
PDF
Refactoring to a Single Page Application
byCodemotion
 
PDF
Single-Page Application Design Principles 101
byJollen Chen
 
PPTX
The road to Ember.js 2.0
byCodemotion
 
PPTX
Are Drones our best friends?
byCodemotion
 
The Automation and Proliferation of Military Drones and the Protection of Civ...
byAngelo State University
 
рисинка
bydou188
 
Commodore 64 Mon Amour
byCodemotion
 
Let's go HTTPS
byCodemotion
 
Refactoring to a Single Page Application
byCodemotion
 
Single-Page Application Design Principles 101
byJollen Chen
 
The road to Ember.js 2.0
byCodemotion
 
Are Drones our best friends?
byCodemotion
 

Similar to HTTPS and YOU

PPTX
Understanding-Web-Communication-HTTP-vs-HTTPS.pptx
bydevilkiller2311
 
PPT
Https
byBala Bhaskar Karakavalasa
 
PPTX
HTTP vs HTTPS Difference
byReal Estate
 
PPTX
HTTPS_Detailed_Presentation concept .pptx
byyvenkateswaracse
 
PPTX
HTTP and HTTPS.pptx this presentation is based on the two protocol.
byarslanahmadkhan295
 
PPTX
HTTPS-Request-and-Response by client and server.pptx
byAlluarjun896266
 
PDF
Https
byPooya Sagharchiha
 
PPTX
HTTPS
byJustin Denton
 
PPTX
Lecture 6- http
bySaman M. Almufti
 
PPTX
HTTPS presentation at Port80 Sydney meetup March 2016
byJason Stangroome
 
PPTX
http,https, hypertext transfer protocol and secured
bysanjaykr30
 
PDF
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
byGuy Podjarny
 
PPTX
presentation nasir11111111111111111.pptx
byMuhammadNasir342806
 
PPTX
HTTP.pptx...............................
byHalabja university - Kurdistan -Iraq
 
ODP
Https presentation
bypatel jatin
 
PPTX
HTTPS
byR.K. University
 
PPTX
HTTP & HTTPS
byNetProtocol Xpert
 
PPTX
HTTPS
bymaroti164
 
PPTX
Httpbasics 1207412539273264-9-converted
bycomputerorganization
 
PPTX
HTTP VS. HTTPS: WHICH IS BETTER??
bySEONetsolITSolutions
 
Understanding-Web-Communication-HTTP-vs-HTTPS.pptx
bydevilkiller2311
 
Https
byBala Bhaskar Karakavalasa
 
HTTP vs HTTPS Difference
byReal Estate
 
HTTPS_Detailed_Presentation concept .pptx
byyvenkateswaracse
 
HTTP and HTTPS.pptx this presentation is based on the two protocol.
byarslanahmadkhan295
 
HTTPS-Request-and-Response by client and server.pptx
byAlluarjun896266
 
Https
byPooya Sagharchiha
 
HTTPS
byJustin Denton
 
Lecture 6- http
bySaman M. Almufti
 
HTTPS presentation at Port80 Sydney meetup March 2016
byJason Stangroome
 
http,https, hypertext transfer protocol and secured
bysanjaykr30
 
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
byGuy Podjarny
 
presentation nasir11111111111111111.pptx
byMuhammadNasir342806
 
HTTP.pptx...............................
byHalabja university - Kurdistan -Iraq
 
Https presentation
bypatel jatin
 
HTTPS
byR.K. University
 
HTTP & HTTPS
byNetProtocol Xpert
 
HTTPS
bymaroti164
 
Httpbasics 1207412539273264-9-converted
bycomputerorganization
 
HTTP VS. HTTPS: WHICH IS BETTER??
bySEONetsolITSolutions
 

Recently uploaded

PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PPTX
apidays Paris 2025 | Integration is Feminist: Building Peace in Distributed S...
byapidays
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PDF
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PDF
TravelTech Paris 2025 | The EU Digital Identity Wallet and it’s impact on Tra...
byapidays
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
apidays Paris 2025 | Integration is Feminist: Building Peace in Distributed S...
byapidays
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
TravelTech Paris 2025 | The EU Digital Identity Wallet and it’s impact on Tra...
byapidays
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
Workflow and decision Automation with Flowable
bychakib ch
 
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 

HTTPS and YOU

  • 1.
  • 2.
    What is HTTP? (or,how does the Internet work?)
  • 3.
    How HTTP works HTTPrequest I want to see a webpage nytimes.com/index.html
  • 4.
    How HTTP works HTTPrequest HTTP Response Here’s the content of index.html
  • 5.
    Why is HTTPinsecure?
  • 6.
    Request data isunencrypted, and servers don’t need to provide their identity over HTTP
  • 7.
    HTTP is unencrypted.The data can be read by any intermediary. HTTP request Insecure wifi Attacker can read the user’s HTTP request and response. “Hmm, looks like Eric is interested in Twitter stock…” I want to see a webpage nytimes.com/twitter- stock-plummets/
  • 8.
    HTTP is unencrypted.The data can be read by any intermediary. HTTP request Insecure wifi I wonder what a jorf is… Log into my WordPress site with my username “eric” and my password “jorf”
  • 9.
    HTTP request I wantto see a webpage nytimes.com/index.html An attacker can catch the request (DNS Spoofing, etc) HTTP doesn’t require server identification. Any intermediary can spoof a request.
  • 10.
    HTTP request The attackerreturns spoofed content of index.html which says Russia bombed the U.S. HTTP Response HTTP doesn’t require server identification. Any intermediary can spoof a request.
  • 11.
    What security doesHTTPS provide?
  • 12.
    All data inthe request is encrypted, except the delivery address. HTTPS request Send to 182.23.194.39 Fwu3489fehu9fr93wehufu9ef89y3 hu9efhiufhr803 (encrypted request data) I want to see a webpage nytimes.com/index.ht ml
  • 13.
    All data inthe request is encrypted, except the delivery address. HTTPS request Send to 212.39.10.88 sdfj83jof83hfajnksdc83hud08duh3 8dhe8y38h383 (encrypted response data) HTTPS response Here’s the content of index.html
  • 14.
    HTTPS request HTTPS isencrypted. The data can’t be read by any intermediary. Insecure wifi Attacker can eavesdrop on the encrypted conversation, but doesn’t understand it. Log into my WordPress site with my username “eric” and my password “jorf” Send to 182.23.194.39 Fwu3489fehu9fr9ufu9ef89 y3hu9efhiufhr803 (encrypted request data)
  • 15.
    I want tosee a webpage nytimes.com/index.html The attacker can’t spoof the server’s identification. HTTPS requires server identification. An intermediary can’t spoof a request. HTTPS request
  • 16.
    Only the serverwith valid identification can respond to the request. HTTPS requires server identification. An intermediary can’t spoof a request. HTTPS request HTTPS request
  • 17.
    “What if Idon’t care about security?”
  • 18.
    “What if Idon’t care about security?” • Google gives an SEO boost for HTTPS sites.
  • 19.
    “What if Idon’t care about security?” • Google gives an SEO boost for HTTPS sites. • Your site can be faster on HTTPS with HTTP/2, which requires HTTPS.
  • 20.
    “What if Idon’t care about security?” • Google gives an SEO boost for HTTPS sites. • Your site can be faster on HTTPS with HTTP/2, which requires HTTPS. • New browser features and APIs limited to HTTPS sites.
  • 21.
  • 22.
    Try logging intoa WordPress site as “eric” with password “a” HTTPS does not protect from brute force attacks.
  • 23.
    Now try logginginto a WordPress site as “eric” with password “b” HTTPS does not protect from brute force attacks.
  • 24.
  • 25.
    How does HTTPSwork? A server needs an SSL certificate and a private key.
  • 26.
    During the HTTPShandshake… Server sends SSL certificate.
  • 27.
    An SSL certificateincludes a digital signature to identify the server, and a public key to assist with encryption.
  • 28.
    Browser and servernegotiate encryption with private/public key encryption
  • 29.
    Certificate Authority (CA). Atrusted organization.
  • 30.
    How can aserver provide identity? I really am nytimes.com, not some middle-man hacker!
  • 31.
    Certificate Authority verifiesa server. I really am nytimes.com, not some middle-man hacker! Yes, we verified you are.
  • 32.
    After verification, aCertificate Authority provides an SSL certificate. Here’s an SSL certificate.
  • 33.
    The digital signatureproves that the CA created the certificate.
  • 34.
    Browsers trust SSLcertificates created by specific Certificate Authorities.