Quickly Check A Website’s HTTPS Security

[Batu69]

Most of you will be aware that whenever you visit a website or page where you need to input sensitive information, such as a banking site or the checkout on a shopping site, the address of the site/page should be prefixed with “https” rather than the insecure “http”. The added “s” on the end stands for “secure” and is your guarantee that the information you are providing is being encrypted, making it more difficult for a hacker to intercept your data.

The https security protocol is managed via a system of certification. In order to enable the use of encryption, the web site’s operator first needs to apply for an SSL Certificate, which is, in effect, a small text file installed on the server to verify their identity. These certificates are only granted once the web site operator has proved their identity to a trusted source (such as Symantec, Comodo, GeoTrust) and usually expire after a year or 2, requiring a fresh application.

Wikipedia briefly describes https thus:

HTTPS creates a secure channel over an insecure network. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks, provided that adequate cipher suites are used and that the server certificate is verified and trusted.

As you can see from the provisos included in the above quote, https security relies heavily on the correct server certification and strong encryption techniques. You may have read recently about SSL vulnerabilities because of sites with older, weaker encryption protocols, including names such as “Heartbleed” and “Freak”.

Check A Website's HTTPS Security