Home › BCA Cyber Security › cybersecurity › Web Security — OWASP › What does HTTPS provide over plain HTTP?
What does HTTPS provide over plain HTTP?
AFaster page loads on every device
Bencryption + integrity + server auth
CBigger download sizes for assets
DBetter SEO ranking on Google
Answer & Solution
Correct answer: B. encryption + integrity + server auth
1. HTTPS = HTTP over TLS (Transport Layer Security).
2. TLS provides three security properties:
• CONFIDENTIALITY: data encrypted in transit (no eavesdropping).
• INTEGRITY: cryptographic MAC ensures data wasn't modified in transit.
• SERVER AUTHENTICATION: certificate chain proves you're talking to the legit server (mitigates MITM attacks).
3. Modern TLS versions: TLS 1.2 (acceptable), TLS 1.3 (preferred). Older SSL/TLS versions are insecure and deprecated.
4. Cert authority hierarchy: CAs (Let's Encrypt, DigiCert) issue certificates after verifying domain ownership.
5. OWASP and NIST require HTTPS EVERYWHERE for any user-facing application.
_Source: NIST SP 800-52 + OWASP Top 10 2021 A02 (Cryptographic Failures) — recommends HTTPS._
Related questions
Which OWASP category covers using libraries with KNOWN CVEs?OWASP recommends LOGGING and MONITORING for the SECURITY LIFECYCLE becauseAn IDOR (Insecure Direct Object Reference) attack happens whenCROSS-SITE REQUEST FORGERY (CSRF) is best mitigated byWhich mitigation is the SINGLE most effective defense against SQL Injection?SERVER-SIDE REQUEST FORGERY (SSRF) — A10 in OWASP 2021 — happens whenWhat does the SECURITY MISCONFIGURATION category (A05 in 2021) typically include?The OWASP 2021 category A04 'INSECURE DESIGN' is a NEW category that addresses