In the first part of my blog series about web site security, I discussed the need for secure pages within a web site that captures a user’s personal information, along with some of the terminology. In this next instalment I will discuss how you check the security and validity of the secure pages of a web site. This is also useful to know from a web site publisher's point of view: if you have secure pages, you can hopefully be sure that they are as secure as they should be!
How do I know if a web page is secure?
Normally, there are two general indications of whether you are visiting a secured web page.
- The first way is to check the web page URL. When you are browsing the web, the web page addresses (known as URLs) begin with the letters "http". However, when you are browsing pages over a secure connection the address displayed should begin with "https".
- The other way is to check for the padlock icon. There is an accepted standard among web browsers to display a "padlock" icon within the window of the browser. It will definitely not be displayed in the web page display area itself! The position of the padlock icon will vary between different browsers and versions.
The padlock icon is not just a visual element of the browser. It is interactive, and clicking (or double-clicking) on it will enable you to see details of the web site's security. This is a useful thing to know about, as some fraudulent web pages are built with a bar at the bottom of the web page itself to imitate the padlock icon of your browser!
To try it on your browser visit a secure web page address, such as https://www.thawte.com/
If you click on the icon (this example is on Internet Explorer 9) more details can be seen.
With a click on the “View certificates” link, the specific details of the certificate can be seen.
This includes general information about who the certificate has been issued by and issued to, as well as the dates the certificate is valid between. The further details will show all the very specific details about that certificate.
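For site publishers, the same "issued to", "issued by" and validity-date fields can be read in a script rather than through the browser dialog. The following is an added example, not part of the original post; the sample certificate is constructed and the function names are illustrative.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the names and dates are made up for illustration.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Shop Ltd"),),
                (("commonName", "www.example.com"),)),
    "issuer": ((("organizationName", "Example CA"),),
               (("commonName", "Example CA Root"),)),
    "notBefore": "Jan 15 00:00:00 2024 GMT",
    "notAfter": "Jan 15 00:00:00 2025 GMT",
}

def _name(rdns, field):
    """Pull one field (e.g. commonName) out of a subject/issuer tuple."""
    for rdn in rdns:
        for key, value in rdn:
            if key == field:
                return value
    return None

def summarize_cert(cert, now=None):
    """Issued-to, issued-by and validity dates, as the certificate dialog shows them."""
    now = now or datetime.now(timezone.utc)
    start = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notBefore"]), timezone.utc)
    end = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if now < start:
        status = "not yet valid"
    elif now > end:
        status = "expired"
    else:
        status = "valid"
    return {
        "issued_to": _name(cert["subject"], "commonName"),
        "issued_by": _name(cert["issuer"], "commonName"),
        "valid_from": start, "valid_until": end,
        "days_left": (end - now).days, "status": status,
    }

def fetch_cert(host, port=443, timeout=5):
    """Live check (needs network). The default context verifies the chain and
    host name, so a bad certificate raises ssl.SSLCertVerificationError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()
```

Calling `summarize_cert(fetch_cert("www.example.com"))` runs the same summary against a live site, with the host name replaced by your own.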
Remember, as a customer when using a part of a web site that is asking for information that is personal to you:
- Check for that "https" in the prefix of the web page address.
- Click on that "lock icon" in the status bar of your browser.
If everything looks good, the company or individual(s) running that web site have provided you with a safe means of communicating your sensitive information. This means the web page is "secure".
Understanding HTTPS & SSL
Hopefully, you are now aware of some of the checks (in various web browsers) that you can make. This is obviously useful knowledge for an end user of a web site who wants to be sure that the pages claiming to be secure are actually secure. It can also be very relevant when, in the future, you come to check that your own web site’s secure pages are behaving properly.
In the third and final part of the series I will discuss how you enable secure pages on a web site and also highlight some of the potential issues when creating secure web content.