A hypertext transfer protocol secure (HTTPS) debugger is a software program that is designed to scan and analyze the hypertext markup language (HTML) upon which websites are built. It finds errors in the code that would make it vulnerable to attacks. HTTPS is a special subdivision of hypertext transfer protocol in general that includes the encryption of data transfers back and forth between websites and users, as well as authentication of websites and network server locations to avoid fraudulent activity such as phishing. Phishing is a practice where fake copies of legitimate websites attempt to obtain personal information and financial data from visitors, and an HTTPS debugger is designed to prevent this by making sure that a website meets security standards.
The HTTPS protocol incorporates what is known as secure sockets layer (SSL) for the “S” in the term. A website that uses SSL is encrypting all the data that is sent back and forth from it, so that it cannot be intercepted and understood by anyone en route except for its intended recipient. The user who is interacting with the website will have a built-in decryption key program to return the data to normal readability. Using an HTTPS debugging tool will allow a website designer to see how all of this encrypted data looks as it is transferred back and forth to the site, as well as the usually hidden file header, cookie, and memory cache information that is attached to files and all Internet traffic.
Both free and commercial versions of HTTPS validator software exist online. One important aspect of any HTTPS debugger is that it must take into account what is being done on the server side of Internet traffic as well. Coding schemes for websites that use active server pages (ASP) or a hypertext preprocessor (PHP) are designs where activity is initiated by a website visitor, but is actually run through programs located on the server. A PHP debugger, therefore, analyzes what is known as server-side caching, where HTML and browser information is stored in server memory, which can also have security issues of its own.
One of the main underlying principles of an HTTPS debugger is that it looks at the validation of server-side certificates. A server-side certificate is stored on a server for a website that is known and trusted. When a user's browser is directed to that website, the HTTPS code examines the certificate to make sure it is valid. If it is not recognized, the website may, in fact, be fraudulent, and the HTTPS debugger is designed to make sure that this website functionality is working properly and that the user is notified when a certificate does not match expected parameters. A limitation of this security is that digital certificates must be purchased from a certification authority (CA) and small business websites often don't bother to obtain them, or let the ones they have expire.