WebSocket is a web protocol that opens a persistent, bidirectional connection between a browser or client app and a server. Unlike ordinary HTTP requests, which are usually short-lived and client-initiated, a WebSocket session stays open so both sides can send data in real time. That makes it useful for chat, trading dashboards, collaboration tools, and live notifications.
In cyber security, WebSocket matters because its traffic can be harder to inspect with tools built around standard HTTP logging. Attackers may use it for stealthy command-and-control, browser-based data theft, or payment skimming that sends stolen fields through the victim’s own session. Defenders should monitor message content, validate origins, require strong authentication, and log WebSocket events separately from normal web requests.



