HTTPS is a baseline prerequisite for a secure web application. By measuring bytes on the wire and microseconds elapsed, we can see the exact performance effect of HTTPS vs HTTP. In doing so, we may discover that optimizing other aspects of the application improves latency and throughput more than turning off HTTPS does. We present free tools to help you measure your application.
Many factors affect objective and subjective site performance, including:
The cost of TLS/SSL is often misunderstood:
Optimizing these other factors can save you money, improve the user experience, and make the use of HTTPS the least of your performance concerns—in turn, enabling application security. Measurement allows us to identify performance problems, helping us provide a safe and responsive experience for our users.
Chris Palmer is a senior security consultant with iSEC Partners, a strategic digital security company. Prior to iSEC, Chris worked for the Electronic Frontier Foundation where he provided technical management and analysis of several key EFF projects and provided technical advice to EFF (and other) lawyers. Prior to the EFF, Chris built web applications.
Have a suggestion for a speaker or topic at Web 2.0 Expo San Francisco? Send an email to: firstname.lastname@example.org
View a complete list of Web 2.0 Expo contacts.