Difference Between HTTP & HTTPS

AAT Team — Thu, 24 May 2018 10:48:49 +0000

Today we will discuss the difference between HTTP and HTTPS is? While browsing the internet, you have seen that some sites are loaded with HTTP, and some are loaded with HTTPS. In this article, we will study the differences between HTTP and HTTPS.

What is the concept?

HTTP stands for HyperText Transfer Protocol, while HTTPS stands for HyperText Transfer Protocol Secure. Both protocols is used for the transmission of data from source to destination over the internet. In technical terms, HTTP and HTTPS both are used for exchanging information between the user’s browser and the web server. The basic difference between HTTP and HTTPS is extras, which ensure data transfer securely over an untrusted network called the internet.

HTTP is a widely used protocol for exchanging information over the internet. It uses default port 80. The main weakness of this protocol is it sends data in plain text. Assuming you are entering credit card details while payment on an e-commerce website—those payment details are transmitted to the server in plain text. If a malicious user intercepts the traffic, which is not much difficult, he/she easily views credit card details. This created a risk of exposure to sensitive data. This risk is mitigated by using the protocol HTTPS.

How does HTTPS secure data?

This protocol helps the internet in transmitting data more securely. HTTPS is used to exchange information or data over the internet, but this protocol encrypts data before sending it to the communication channel. It uses default port 443. It secures traffic by encrypting data by using cryptographic algorithms such as symmetric and asymmetric algorithms. By using HTTPS, both the server and the user’s browsers use a secret key to access data. If a malicious attacker intercepts data, data is still useless for the attacker as it is encrypted. Data only be decrypted by using the secret key. In this way, traffic remains secure while transmitting.

Difference between HTTP and HTTPS

HTTP	HTTPS
In http, url begins with http://	In https, url begins with https://
It uses default port 80 for transmission of data.	It uses default port 443 for transmission of data.
Works on the Application layer.	Works on the Transport layer.
Data is transmitted in plain text over the internet.	Data first encrypted and then transmitted over the internet.
No certificate is required.	SSL certificate is required.
Considered as insecure transmission.	Considered as secure transmission.

The post Difference Between HTTP & HTTPS first appeared on All About Testing.

Difference between Vulnerability, Threat and Risk

AAT Team — Sun, 11 Feb 2018 16:47:12 +0000

In this article, we will see a basic difference between Risk, Vulnerability, and Threat. Also, we discuss examples for more clarity on these terms. As a security professional, you should know and understand the differences between risk, vulnerability, and threat.

What is Vulnerability?

Vulnerability is a known weakness in an IT system or organization. It is also called a weak link in the system. One example of vulnerability is a former employee of an organization or company if you have not disabled access to the company’s login credentials. Define a process to remove all accounts and permission when an employee leaves the organization. Identification of security vulnerabilities is important in any organization. After identifying, and understanding vulnerabilities, and mitigating them if possible. Configure proper controls and policies while implementing. Weaknesses in the system should be identified, and proactive measures should be taken to correct identified vulnerabilities in the system. As a security professional, identifying vulnerabilities is the first step toward a secure IT system.

What is the Threat?

The Threat is defined as an incident that causes harm to the organization. Harm may be in the form of sensitive data theft or any other incident that harms the organization’s reputation or business. Threats can be characterized mainly by three types: natural threats, unintentional threats, and intentional threats. Natural threats happen due to natural disasters such as floods, hurricanes, earthquakes, etc. Unintentional threats are generally those incidents that occurred because of the mistake of an employee of the same organization. There are many examples of Intentional threats, including spyware, adware, and other attacks done by hackers to harm the reputation or for any monetary gain. Wanna cry ransomware? The Petya ransomware attack is the best example of an intentional threat that happened recently.

Threats are generally not in control although they can be minimized by defining strict policies and following best practices.

What is Risk?

The risk is the potential loss of an organization on exploiting the vulnerability of the threat agent. Examples of risk include loss of reputation, sensitive data loss, monetary loss, etc. The risk is directly proportional to vulnerability and threat; it is also defined as a product of threat and vulnerability.

Risk = Threat X Vulnerability

Although the probability of Risk can be reduced by following best practices to manage IT systems.

Conclusion

Regular Vulnerability Assessments and Penetration Testing by the external organization is one such measure to reduce risk in the IT system of an organization.

The post Difference between Vulnerability, Threat and Risk first appeared on All About Testing.

difference | All About Testing