WebSocket native defence mechanisms
By default, the WebSocket protocol is designed to be secure. In the real world, you might encounter various issues that might occur due to poor browser implementation. No need to worry though. As time goes by, browser vendors fix any issues immediately, and if you still feel afraid, you can always use some old-school fallback techniques (described in the next chapter).
SSH/TLS
As you have probably guessed, an extra layer of security is added when you use secure WebSocket connection over SSH (or TLS). Remember when you needed to decide between HTTP and HTTPS? You picked HTTPS only when it was absolutely necessary for your transactions (for example, bank account information, private data, and so on). Otherwise, HTTP was the way to go, as it is more lightweight and fast. HTTPS required more CPU resources and was quite slower than HTTP.
In the WebSocket world, you do not need to worry about the performance of a secure connection. Although there is still an extra...