Skip main navigation

New offer! Get 30% off one whole year of Unlimited learning. Subscribe for just £249.99 £174.99. New subscribers only T&Cs apply

Find out more

The Importance of HTTP Versus HTTPS

In this video, you will learn the difference between http and https.
6.2
In this video we’re talking about the importance of HTTP versus HTTPS. So what is the difference? Normally when you browse the internet, you type in HTTP, colon, forward slash, forward slash, WWW, and whatever the URL is, such as Google.com. There is another protocol that you can use. There’s HTTPS. So HTTP stands for Hypertext Transfer Protocol, which is the older form of communication for browsing the web. There’s also HTTPS, which stands for Hypertext Transfer Protocol Secure, meaning that transmission is actually encrypted. So the problem with HTTP traffic is, since it’s unencrypted you’re transferring information in plain text. So let’s take a look at what that actually means. So here I have a programme called DVWA.
60.5
And this is a programme designed to be vulnerable. So what I’m going to do is I’m going to start up a Wireshark transmission here. And let me X out of that. And here is Wireshark. So Wireshark is a packet sniffing programme. It’s designed to analyse network traffic. So I’m just going to select my connection here. I’m going to start up my Wireshark. OK, and we’re going to go back to the browser. So here’s DVWA again. This is a vulnerable system designed to be exploited. So right now I’m sniffing traffic going to this web page here. So I’m going to type in “admin”. And then I’m going to type in the password for this.
102.1
OK, and I’m going to be logged in. So here I’m logged in. And again, this is over HTTP traffic. So I’m going to stop this capture here. I’m going to type in HTTP. And we’re going to take a look at the HTTP traffic. OK, let me Zoom in a little bit here. And if I scroll down in here, we could see in here all the traffic here. It’s actually started analysing all the traffic. And we can see username equals admin, and password equals password, which is correct. It is admin and password. So I could be on any website over HTTP. And potentially, if someone’s running a packet sniffer, such as Wireshark, they could see my password and login information.
150.5
If I ran this over HTTPS, however, that transmission would be encrypted. I wouldn’t be able to just look at it over a packet sniffer like this. So that’s the main importance of using a HTTPS. So let’s continue here.
167.8
So final remarks: HTTPS should always be used whenever possible. HTTP traffic should be avoided if you can avoid it. And remember, log in through HTTP. Transmit your login and password in plain text. So anyone running a packet sniffer, such as we saw in Wireshark, can intercept that information and get your login credentials and password. So you do need be very careful about that. So in the next video, we’ll be taking a look at download precautions and hash checking in download best practises. Thank you for watching. I’ll see you in the next video.

In this video, you will learn the difference between HTTP and HTTPS.

Remember that HTTP stands for Hypertext Transfer Protocol while HTTPS stands for Hypertext Transfer Protocol Secure. If you visit an HTTP website, you may be at risk for attacks.

Reflect and share: Are there any websites you regularly visit that are unsecure?

This article is from the free online

Cyber Security Foundations: Why Cyber Security is Important

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now