Introduction to HSTS
Boris Quiroz
April 26, 2014
Transcript
HSTS WTF?
HTTP Strict Transport Security
Ensure that unencrypted communication is not permitted on our site, to mitigate attacks such as SSL stripping.
GOOD!
BAD!
HSTS disabled
1. The user goes to preyproject.com
2. The browser adds the http:// and makes the request to http://preyproject.com
3. The server responds with a 301 to https://preyproject.com
4. The browser makes the request to https://preyproject.com

HSTS enabled
1. The user goes to preyproject.com
2. HSTS automatically converts the link from HTTP to HTTPS
Compatibility: Chrome, Firefox and Opera for the last three versions; Safari 7.0; IE 12+
The header: Strict-Transport-Security: max-age=31536000; includeSubDomains
The config
Nginx: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
Rails: config.force_ssl = true
PRELOAD LISTS
Questions? Boris Quiroz, SRE, Preyproject.com