Hypertext markup language (HTML) is a markup language used to create webpages and web applications. A markup language makes use of tags. These are keywords that define the structure of a webpage and how the browser must display the content of the web page. The tags are not displayed. If a browser reads a tag that it does not understand it will ignore it. Without HTML tags a browser could not display text or load images. HTML tags usually have an opening tag with attributes and a closing tag that has a forward slash. This is an example of an HTML element using the anchor tag which facilitates hyperlinks: < a href=”mypage.html”> Click here for my page <\a> The table opposite shows the structure of the HTML element above. 

This online tutorial is a great tool for learning how HTMl is used to create websites.

CSS is a language that describes how the HTML elements in a web page should be displayed. The <style > tag is used to achieve this. When web pages are to be displayed on different devices such as mobile phones, CSS is used to define any layout and differences in display .

A simple example of CSS is shown below. The example defines the style settings for the web page background, the heading text (h1) and the paragraph text (p). 

In reality HTML was not meant to contain style elements. When attributes such as color were added to HTML it became more difficult for web developers to manage large websites. The W3C created CSS to remove these elements from HTML pages. When a style definition is associated with a webpage, it can be stored externally in CSS files (.css) and linked to the webpage. This means that one style sheet can be used for a number of pages or all of the pages on a website.

 This saves on developer time and allows one change in the .css file to make a change throughout the website. Also, different style sheets can be linked to the same web page to ensure that the content of the web page is presented appropriately regardless of the device displaying it. Since formatting definitions can be used within a webpage and externally to a webpage, W3C has specified rules to determine which definition takes precedence. This is why the term ‘cascading’ is used when referring to stylesheets. 

A CSS statement is made up of a selector and a declaration block. Consider the example above. 

h1                  {color: purple; text-align: center;} 

Selector                        declaration block 

The declaration block contains properties followed by their value. A simple CSS example. 

Client-side and Server-side processing 

The client–server model of networking splits the processing workload between the server computer, which provides resources and services and the client computer which requests services. Applications are installed on the server and used at the client computer. 

Examples of servers are web servers and file servers. Devices linked to these servers are clients for example laptops, smartphones and other mobile devices. Client-side scripting and processing enables interaction on a webpage. The code needed to handle user-input is downloaded and executed by the browser or a plug-in on the client computer. An example of a client-side interaction is when a user clicks on a button or enters data into a form. Javascript is a client-side programming language. 

Server-side scripting and processing sends data to the server across the internet. The server then runs an application that processes the information and returns the results, typically a webpage. PHP is a server-side programming language. Webpages can contain interactive elements. Processing of the interactions can be server-side or client-side. Data transmission can be enhanced by more client-side processing. 

In the case of a travel booking, the booking form is completed and validated at the client computer then sent to the server to complete the booking. This is more effective as the server will receive a correctly completed booking form. It will not have to be returned due to errors on the form. The server can complete the booking since it has the data on availability. 

Cryptography is the science of hiding information. The process of transformation itself is called encryption. To encrypt the data an algorithm or cipher is used. Encryption is a method of providing security for data both when it is stored electronically and whilst it is being transmitted. The data is ‘scrambled’ using an encryption key. This encrypted data is meaningless to anyone accessing it. The data must be decrypted using a key, so that it can be understood. 

Some systems use the same key for encryption and decryption, particularly if the number of users is small.

Public key cryptography uses two different keys, one for encrypting the data and a different one for decrypting the data. This Public and Private key pair are linked and both keys are needed to encrypt and decrypt data. The Public Key is available to everyone but the Private Key is confidential and specific to a particular receiver. 

The key pair is mathematically related, so, whatever is encrypted with a Public Key may only be decrypted by its corresponding Private Key and vice versa. If user A wants to send an encrypted message to user B, user A will encrypt the data using user B’s Public Key. Only user B has the matching Private Key to decrypt the message. Therefore, if a third party accesses the encrypted data, they will not be able to read or decrypt it as they do not have the Private Key. The Public Key is available to anyone so, it is possible that a forged message could be sent to user B. In order to prevent this, digital signatures are used. 

Public and private keys There is a unique mathematical relationship between a public key and its corresponding private key Data encrypted with a public key can only be decrypted by its corresponding private key 

Comparison 

The public key is made available via a publicly accessible directory The sender encrypts the data using the recipient’s public key The private key remains confidential to its owner – the recipient 

Only the recipient has the corresponding private key to decrypt the 

A digital signature is a part of a message that is encrypted by the sender. It is used to confirm that the sender is who they say they are. The receiver first verifies the signature using the sender’s public key. After ensuring the validity of the signature, the receiver then retrieves the data through decryption using his/her own Private Key. 

A digital certificate is also used to verify a sender’s authenticity. It is used widely with websites. Companies or individuals requiring digital certificates apply to a trusted third party called a Certificate Authority (CA), a company which provides online certification. An example of a CA is Verisign. The CA provides an encrypted digital certificate which contains, among other things, the user’s public key. This connects an individual or website with a particular public key therefore the trusted third party verifies their identity. When a company asks for a certificate, they have to give information about the web server and the location of the company. CA will authenticate this information. The CA authority then creates and signs the certificate. The certificate is given back to the company who installs it on the server. Browsers are shipped with information about the certificates. In particular the Public Key for the certificates and so they can check the authenticity of most certificates. Digital certificates can be: 

• Personal – used by individuals who need secure email; 

• Organisation – used by organisations for employees who need secure email and web transactions; 

• Server to prove ownership of a domain name or for use with SSL 

• Developer – to prove ownership of software/ programs 

All data transmitted across HTTP connections are in ‘plain text’ and can be read by any individual who can hack into the connection between a browser and a website. 

Hypertext Transfer Protocol Secure(https) is used to encrypt data when it is being transferred across the Internet. A page displaying https:// at the beginning of the web address will make use of encryption to secure data transmission. HTTPS web pages use SSL (or TLS –Transport Layer Security). During this process, a Public and Private Key are utilised together with a digital certificate. This ensures that if a hacker did break into the connection, they could not decrypt any of the data.

SSL is a protocol used to open a secure channel or encrypted link between two computers online. It is used when a web browser needs to connect securely to a web server. SSL certificates exist to encrypt data and identify websites. This allows a web browser to trust a website so that sensitive data can be transmitted safely. The goal is end to end trusted communication. SSl instantly encrypts plain text like credit card numbers into data that only the user and website can decrypt. SSL ensures that the data is not modified and it authenticates websites. To verify that SSL is protecting a page, look for a web address beginning https:// and a closed padlock icon.

Companies using an extended validation display the data in a green address bar. An SSL digital certificate shows that the website is secure and visitors can be re-assured that their data will be protected whilst using it. If a website is not using SSL, any data being transmitted can be accessed by any computer on the network. When doing online banking we are using SSL and HTTPS. The following steps occur: 

• The client computer requests an SSL connection 

• The server answers and provides an SSL certificate which contains a public key 

• The client computer validates the certificate and public key 

• The client computer generates a session key and submits it to the server 

• The SSL connection is established