Introduction to HSTS
Boris Quiroz
April 26, 2014
Technology
Transcript
HSTS WTF?
HTTP Strict Transport Security
Make sure that unencrypted communication is never allowed on our site, to mitigate attacks such as SSL stripping.

Good! / Bad! (slide images comparing the two flows below)

HSTS disabled
1. The user goes to preyproject.com
2. The browser prepends http:// and sends the request to http://preyproject.com
3. The server responds with a 301 to https://preyproject.com
4. The browser sends the request to https://preyproject.com

Step 2 is a plaintext request. An attacker on the path (the SSL stripping case) can answer it directly, never forward the 301, and keep the user on HTTP while proxying to the real HTTPS site.

HSTS enabled
1. The user goes to preyproject.com
2. HSTS automatically converts the link from HTTP to HTTPS: the browser rewrites the URL internally before anything is sent over the network, so steps 2 and 3 of the flow above never happen.

The caveat: the browser only knows the policy after it has already received the Strict-Transport-Security header in an HTTPS response (trust on first use). The very first visit, and any visit after max-age has lapsed, is still exposed; that gap is what preload lists address.
Compatibility (as of the talk, April 2014): Chrome, Firefox and Opera, supported for the last three releases. Safari 7.0.
The slide says "IE 12+"; no IE 12 was ever released. Microsoft added HSTS to Internet Explorer 11 and Edge in 2015.
The header
Strict-Transport-Security: max-age=31536000; includeSubDomains

The slide writes max-age:31536000 with a colon. The directive takes an equals sign, and a browser that cannot find a valid max-age ignores the whole header (RFC 6797, section 6.1). max-age is in seconds; 31536000 is one year. Directive names are case-insensitive, so the slide's includeSubdomains also works, but the spelling in the RFC is includeSubDomains.
The config

Nginx:
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

Put this only in the server block that listens on 443: browsers ignore the header on plain HTTP responses, and the port 80 server block should do nothing but redirect. Two nginx details to check: an add_header in a nested location block replaces every add_header inherited from the server block, so the HSTS header silently disappears there unless it is repeated; and without the always parameter (nginx 1.7.5 and later) the header is only sent on 2xx/3xx responses, not on error pages.

Rails:
config.force_ssl = true

This enables the ActionDispatch::SSL middleware, which redirects HTTP requests to HTTPS and adds a Strict-Transport-Security header to HTTPS responses. Check the defaults for max-age and subdomains in your Rails version (newer releases expose them through config.ssl_options) so that they match what nginx sends.
PRELOAD LISTS

Because HSTS is trust on first use, the first plaintext request is not protected by the header alone. Chromium ships a built-in list of hosts that are treated as HSTS hosts before they have ever been visited, and other browsers derive their lists from it. Today a domain is submitted at https://hstspreload.org, which requires the header to carry a max-age of at least one year, includeSubDomains and the preload directive, served over HTTPS together with an HTTP-to-HTTPS redirect. Removal from the list is slow, so confirm that every subdomain really serves HTTPS before submitting.
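The following Python script is an added example, not part of the talk, tying together the two flows above, the header slide and the preload-list slide: it parses a Strict-Transport-Security value the way RFC 6797 tells browsers to, keeps a small model of the browser's HSTS cache to show the internal http:// to https:// rewrite (including subdomains, expiry and max-age=0), and lists what hstspreload.org would reject. preyproject.com is the host from the slides; the timestamps are constructed values, and the preload rules are those published by hstspreload.org at the time of writing.

```python
"""Added example (not from the talk): parse Strict-Transport-Security as
RFC 6797 requires, model the browser's HSTS cache, check preload eligibility."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit

ONE_YEAR = 31536000  # seconds; the max-age value used on the slides


@dataclass
class HstsPolicy:
    max_age: int              # seconds the browser should remember the host
    include_subdomains: bool  # apply the policy to *.host as well
    preload: bool             # host consents to being compiled into preload lists


def parse_hsts(header: str) -> HstsPolicy:
    """Parse a header value. Raise ValueError for anything RFC 6797 section 6.1
    tells a browser to ignore (missing or invalid max-age, repeated directives)."""
    max_age = None
    include_subdomains = preload = False
    seen = set()
    for raw in header.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, has_value, value = directive.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        value = value.strip().strip('"')  # max-age="31536000" is also legal
        if name in seen:
            raise ValueError(f"directive {name!r} appears more than once")
        seen.add(name)
        if name == "max-age":
            if not has_value or not re.fullmatch(r"[0-9]+", value):
                raise ValueError(f"max-age needs '=<seconds>', got {directive!r}")
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
        # any other directive is ignored, as the RFC requires
    if max_age is None:
        # the slide's 'max-age:31536000' (colon) lands here: with no '=' it is
        # an unknown directive, so no max-age was seen and the header is void
        raise ValueError("max-age is required; a browser ignores this header")
    return HstsPolicy(max_age, include_subdomains, preload)


class HstsStore:
    """Minimal model of a browser's Known HSTS Hosts (RFC 6797 section 5.1)."""

    def __init__(self):
        self._hosts: dict = {}  # host -> (expiry timestamp, include_subdomains)

    def observe(self, host: str, scheme: str, header: str, now: int) -> bool:
        """Process one response; True if the policy was stored or updated.
        Only HTTPS responses count (section 8.1): over plain HTTP the header
        is ignored, which is why the very first visit is unprotected."""
        if scheme != "https":
            return False
        try:
            policy = parse_hsts(header)
        except ValueError:
            return False
        host = host.lower()
        if policy.max_age == 0:  # max-age=0 tells the browser to forget the host
            self._hosts.pop(host, None)
        else:
            self._hosts[host] = (now + policy.max_age, policy.include_subdomains)
        return True

    def is_known(self, host: str, now: int) -> bool:
        """Match the host itself, then each parent that set includeSubDomains."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            if entry is None:
                continue
            expires_at, include_subdomains = entry
            if now >= expires_at:
                continue  # an expired entry no longer applies
            if i == 0 or include_subdomains:
                return True
        return False

    def rewrite(self, url: str, now: int) -> str:
        """The internal http:// -> https:// upgrade (section 8.3): an explicit
        port 80 becomes the https default 443, any other explicit port is kept."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not self.is_known(parts.hostname or "", now):
            return url
        netloc = parts.hostname if parts.port in (None, 80) else parts.netloc
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


def preload_problems(policy: HstsPolicy) -> list:
    """Why hstspreload.org would reject this policy under its current rules:
    max-age of at least one year, includeSubDomains, and an explicit preload."""
    problems = []
    if policy.max_age < ONE_YEAR:
        problems.append(f"max-age {policy.max_age} is below one year")
    if not policy.include_subdomains:
        problems.append("includeSubDomains missing")
    if not policy.preload:
        problems.append("preload directive missing")
    return problems


if __name__ == "__main__":
    store = HstsStore()
    slide_header = "max-age=31536000; includeSubDomains"
    store.observe("preyproject.com", "https", slide_header, now=0)
    print(store.rewrite("http://www.preyproject.com/login", now=10))
    print(preload_problems(parse_hsts(slide_header)))
```

Feeding the slide's original value (max-age with a colon) to parse_hsts raises, and HstsStore.observe then leaves the cache untouched, which is exactly what a real browser does with a malformed header: no error, just no protection.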
Questions? Boris Quiroz, SRE, Preyproject.com