Secure Web applications
A Web application consists of different Web components, such as HTML pages, JSPs and servlets; all these form Web pages on the server side. On the client side, a Web browser is usually used to issue a request for a Web resource. The request goes to the application server. WebSphere Application Server then processes all the Web components which form the requested Web resource, creates a Web page and sends it back as the response. The browser transforms responded Web page in more human readable format and presents it on the screen.
Transport channel
Transport channel refers to the communication channel between Web client and Web application server. The communication can be classified into different layers, each has its own functions and scope. Here we will focus on the topmost layer of communication between Web clients and Web application servers. So-called protocols define different communication types and HTTP protocol is used for as application communication protocol between Web clients and Web application servers. Using purely HTTP, the data flow is not encrypted, so anybody who could intercept it would understand the content. For securing the transport channel, we need secured HTTP, which is called HTTPS. Usually, HTTP runs on top of the TCP transport protocol and to secure it, we need SSL. In summary, for encrypted communication between Web clients (browsers) and Web application servers (WebSphere Application Server) we use HTTPS which runs on top of SSL secured TCP transport channel.