WebSockets are a mechanism that lets a client (typically a web page) talk to a server over a single persistent, full-duplex connection, without the request/response overhead and complications that conventional web services impose. The client first establishes an ordinary HTTP connection and then asks to switch (upgrade) to the WebSocket protocol; the handshake is described in `RFC 6455 <https://tools.ietf.org/html/rfc6455>`__. Using this technology simplifies development of elaborate web-based clients and reduces web traffic, which is pretty sweet for developers and admins alike.

Unfortunately, not properly securing WebSockets is pretty sweet for attackers too, and can lead to information leakage or, in extreme cases, code execution on the server. If you're used to setting up authentication with a framework and letting things run on their own, you will have to rethink your strategy: the framework's session and login checks typically guard ordinary HTTP routes, not the upgraded socket, so you have to decide who the client is at the handshake itself, and reject unexpected Origin headers while you are at it (browsers send the user's cookies along with a WebSocket handshake started from any site, since the same-origin policy does not stop the connection). And if you plan on doing something like piping your users' input to another library or executable, be particularly careful about validating and sanitizing it! While the way to a man's heart is through his stomach, the way to a server's heart is through user input.
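To make the two points above concrete, here is an added example (not code from the original post) of a minimal RFC 6455 handshake validator: it performs the protocol checks the RFC requires, computes ``Sec-WebSocket-Accept`` from the client's key, and then applies the two checks a framework will not do for you, an Origin allowlist and an authentication decision made before any frames flow. The allowed origin, the ``session`` cookie name, the ``SESSIONS`` table and the ``/chat`` path are assumptions made for the example; the sample requests are constructed inline. The key and accept value in the sample are the ones given in RFC 6455 itself.

```python
import base64
import binascii
import hashlib
from typing import Dict, Optional, Tuple

# RFC 6455 section 4.2.2: fixed GUID appended to the client key before SHA-1.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

# Assumptions for this example: the only origin allowed to open sockets, and a
# stand-in for the server-side session store the HTTP side already uses.
ALLOWED_ORIGINS = {"https://app.example.com"}
SESSIONS = {"sess-abc123": "alice"}


def accept_key(client_key: str) -> str:
    """Sec-WebSocket-Accept = base64(SHA-1(Sec-WebSocket-Key + GUID))."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split an HTTP/1.1 request head into (method, version, lowercased headers)."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, _target, version = request_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, version, headers


def session_from_cookie(cookie_header: str) -> Optional[str]:
    """Pull the (assumed) 'session' cookie out of a Cookie header."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "session":
            return value
    return None


def validate_handshake(raw: str) -> Tuple[int, str, Optional[str]]:
    """Return (status, raw response, authenticated user). Only a 101 opens the socket."""
    method, version, h = parse_request(raw)
    bad = (400, "HTTP/1.1 400 Bad Request\r\n\r\n", None)

    # Protocol checks required by RFC 6455 section 4.2.1.
    if method != "GET" or version != "HTTP/1.1":
        return bad
    if h.get("upgrade", "").lower() != "websocket":
        return bad
    if "upgrade" not in [t.strip().lower() for t in h.get("connection", "").split(",")]:
        return bad
    if h.get("sec-websocket-version") != "13":
        return 426, "HTTP/1.1 426 Upgrade Required\r\nSec-WebSocket-Version: 13\r\n\r\n", None
    key = h.get("sec-websocket-key", "")
    try:
        if len(base64.b64decode(key, validate=True)) != 16:  # must be a 16-byte nonce
            return bad
    except binascii.Error:
        return bad

    # Security checks the framework will not do for you.
    # 1. Origin: the browser attaches the victim's cookies to a handshake opened
    #    from any page, so an unchecked Origin hands the session to any site.
    if h.get("origin") not in ALLOWED_ORIGINS:
        return 403, "HTTP/1.1 403 Forbidden\r\n\r\n", None
    # 2. Authentication: decide who this is now, before a single frame arrives.
    user = SESSIONS.get(session_from_cookie(h.get("cookie", "")) or "")
    if user is None:
        return 401, "HTTP/1.1 401 Unauthorized\r\n\r\n", None

    response = (
        "HTTP/1.1 101 Switching Protocols\r\n"
        "Upgrade: websocket\r\n"
        "Connection: Upgrade\r\n"
        f"Sec-WebSocket-Accept: {accept_key(key)}\r\n\r\n"
    )
    return 101, response, user


# Constructed sample handshake from the legitimate application page.
GOOD_REQUEST = (
    "GET /chat HTTP/1.1\r\n"
    "Host: app.example.com\r\n"
    "Upgrade: websocket\r\n"
    "Connection: Upgrade\r\n"
    "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
    "Sec-WebSocket-Version: 13\r\n"
    "Origin: https://app.example.com\r\n"
    "Cookie: theme=dark; session=sess-abc123\r\n"
    "\r\n"
)
# Same handshake started from an attacker's page: the browser still sends the
# victim's cookie, so only the Origin check stands between attacker and session.
HIJACK_REQUEST = GOOD_REQUEST.replace(
    "Origin: https://app.example.com", "Origin: https://evil.example"
)

if __name__ == "__main__":
    for name, req in (("legitimate", GOOD_REQUEST), ("cross-site", HIJACK_REQUEST)):
        status, _, user = validate_handshake(req)
        print(f"{name}: {status} user={user}")
```

The accept-key computation alone does nothing for security (any client can compute it); it is there so the example is a complete handshake. The two checks that matter are the Origin allowlist and the session lookup, both done before the 101 is sent, because once the socket is open your HTTP middleware never sees the traffic again.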