• Home
  • University of the People
  • Data Structures (proctored course) CS 3303
  • Understanding Transport Layer Security (TLS) in Web Application Security

Understanding Transport Layer Security (TLS) in Web Application Security

Discussion Assignment Unit 8 CS 2204-01 Communications and Networking - AY2023-T5 University of the People Majd Alhaddad Transport Layer Security (TLS). The Transport Layer Security, or TLS, protocol is a widely supported security protocol designed to facilitate privacy and data security for communications over the Internet. The primary use case for TLS is to encrypt communication between web applications and servers, such as web browsers that load a website. TLS can also be used to encrypt other communications such as email, messaging, and Voice over IP (VoIP). In this article we will focus on the role of TLS in web application security. TLS was proposed by the Internet Engineering Task Force (IETF), an international standards organization, and the first version of the protocol was published in 1999. The latest version is TLS 1.3, which was published in 2018. What is the difference between TLS and SSL? TLS evolved from an earlier encryption protocol called Secure Sockets Layer (SSL), which was developed by Netscape. TLS 1.0 had already begun development as SSL 3.1, but the name of the protocol was changed prior to publication to indicate that it was no longer associated with Netscape. Because of this history, the terms TLS and SSL are sometimes used interchangeably. What is the difference between TLS and HTTPS? HTTPS is an implementation of TLS encryption on top of the HTTP protocol, which is used by all websites as well as some other web services. So any website that uses HTTPS uses TLS encryption. Why should businesses and web applications use TLS? TLS encryption can help protect web applications from data breaches and other attacks. Today, TLS-protected HTTPS is standard practice for websites. Google Chrome gradually cracked down on non-HTTPS sites, and other browsers followed suit. Everyday netizens are more wary of websites that do not have an HTTPS lock token. What does TLS do? There are three main components to what the TLS protocol accomplishes: encryption, authentication, and integrity. · Encryption: Hides data that is transferred from third parties. · Authentication: Ensures that the parties sharing information are who they claim to be. · Integrity: Verifying that data has not been falsified or tampered with. How does TLS work? In order for a website or application to use TLS, it must have a TLS certificate installed on its originating server (the certificate is also known as an "SSL Certificate" due to the naming confusion explained above). A TLS certificate is issued by a Certificate Authority to the person or company that owns a domain. The certificate contains important information about who owns the domain, along with the server's public key, both of which are important for verifying the server's identity. A TLS connection is initiated using a sequence known as a TLS handshake. When a user goes to a website that uses TLS, a TLS handshake begins between the user's machine (also known as the client machine) and the web server. During a TLS handshake, the user machine and the web server: . Select