What is HTTPS and how does it differ from HTTP?
Why Interviewers Ask This
Foundational questions like this help interviewers calibrate the rest of the interview. A confident, accurate answer signals that you have solid Cybersecurity / Web Security basics — a prerequisite for any developer role.
Answer
HTTP (HyperText Transfer Protocol) transmits data in plaintext — anyone who intercepts the traffic can read it. HTTPS (HTTP Secure) wraps HTTP in TLS/SSL encryption, providing three guarantees: (1) Confidentiality: data is encrypted in transit. (2) Integrity: data cannot be tampered with undetected (MAC). (3) Authentication: the server's identity is verified via a digital certificate issued by a trusted Certificate Authority (CA). HTTPS uses port 443 (HTTP uses port 80). The TLS handshake negotiates cipher suites, exchanges keys, and establishes a secure session before any application data is sent. Modern browsers mark HTTP sites as "Not Secure." All websites handling any sensitive data (including login forms) must use HTTPS.
Pro Tip
Demonstrate both theoretical understanding and practical experience. Say what it is, then give an example of how you actually used it in a Cybersecurity / Web Security codebase.