Introduction to HSTS
Boris Quiroz
April 26, 2014
HSTS WTF?
HTTP Strict Transport Security
Make sure unencrypted communication with our site is never allowed, to mitigate attacks such as SSL stripping.
GOOD!
BAD!
HSTS disabled
1. The user types preyproject.com.
2. The browser adds http:// and requests http://preyproject.com.
3. The server answers with a 301 redirect to https://preyproject.com.
4. The browser requests https://preyproject.com.
Step 2 travels in the clear, so an attacker on the path can answer it in place of the server and keep the user on HTTP; the 301 alone does not stop SSL stripping.

HSTS enabled
1. The user types preyproject.com.
2. HSTS makes the browser rewrite the HTTP link to HTTPS itself, so no plaintext request is sent.
This only applies once the browser has already received the Strict-Transport-Security header from the site over HTTPS (or the domain is in the browser's preload list); the very first visit still follows the flow above.
Compatibility: Chrome, Firefox and Opera (supported for the last three releases), Safari 7.0, IE 12+.
The header: Strict-Transport-Security: max-age=31536000; includeSubDomains
max-age is the number of seconds the browser remembers the policy (31536000 is one year) and includeSubDomains extends it to every subdomain, so all of them must be reachable over HTTPS. Browsers only honour the header on responses received over HTTPS; sending it over plain HTTP does nothing.
The config
Nginx: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
Put it in the HTTPS server block. Note that in Nginx an add_header inside a location block replaces, rather than extends, the add_header directives inherited from the enclosing server block, so the header has to be repeated wherever other headers are added.
Rails: config.force_ssl = true
This turns on ActionDispatch::SSL, which redirects HTTP requests to HTTPS and sets the Strict-Transport-Security header on HTTPS responses.
PRELOAD LISTS
Browsers ship a built-in list of HSTS hosts (submitted through hstspreload.org), so a preloaded domain is treated as HTTPS-only even on the very first visit, closing the gap left by trust-on-first-use. Submission requires the header to carry a max-age of at least one year, includeSubDomains and the preload directive, and getting a domain removed again is slow, so every subdomain must be HTTPS-ready before submitting.
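The following is an added example, not code from the deck or from Prey: a small model of how a browser stores and applies an HSTS policy (RFC 6797), covering the two visit flows above, the header directives, and the checks a header has to pass before the domain can be preloaded. The preload checks reflect the current hstspreload.org rules, which the 2014 deck predates. Hostnames are the deck's preyproject.com plus constructed variants; the clock is injected so the behaviour can be driven without a network.

```javascript
// Added example (not from the original deck): a model of the browser-side
// HSTS store and of the preload eligibility checks. Hostnames other than
// preyproject.com are constructed for illustration.

const ONE_YEAR = 31536000; // seconds, the max-age the deck uses

// Parse the value of a Strict-Transport-Security header into its directives.
// Directive names are case-insensitive; unknown directives are ignored.
// Returns null when the header is invalid, which is what a browser does:
// an invalid header is silently dropped, so "max-age:31536000" (colon
// instead of "=") gives the site no protection at all.
function parseHsts(value) {
  const policy = { maxAge: null, includeSubDomains: false, preload: false };
  for (const part of value.split(';')) {
    const eq = part.indexOf('=');
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    const val = eq === -1 ? '' : part.slice(eq + 1).trim().replace(/^"|"$/g, '');
    if (name === 'max-age') {
      if (!/^\d+$/.test(val)) return null;
      policy.maxAge = Number(val);
    } else if (name === 'includesubdomains') {
      policy.includeSubDomains = true;
    } else if (name === 'preload') {
      policy.preload = true;
    }
  }
  return policy.maxAge === null ? null : policy; // max-age is mandatory
}

// The browser's "known HSTS hosts" store. `now` returns milliseconds so the
// clock can be driven from outside.
class HstsStore {
  constructor(now = () => Date.now()) {
    this.now = now;
    this.hosts = new Map(); // host -> { expires, includeSubDomains }
  }

  // Record the policy carried by a response. Only responses received over
  // HTTPS count: an attacker on a plain-HTTP connection must not be able to
  // set (or clear) the policy.
  observe(scheme, host, headerValue) {
    if (scheme !== 'https') return false;
    const p = parseHsts(headerValue);
    if (p === null) return false;
    if (p.maxAge === 0) { // max-age=0 tells the browser to forget the host
      this.hosts.delete(host);
      return true;
    }
    this.hosts.set(host, {
      expires: this.now() + p.maxAge * 1000,
      includeSubDomains: p.includeSubDomains,
    });
    return true;
  }

  // Must an http:// request to `host` be rewritten to https:// before it
  // leaves the browser? An exact match always applies; a parent domain
  // applies only if it was stored with includeSubDomains.
  mustUpgrade(host) {
    const labels = host.toLowerCase().split('.');
    for (let i = 0; i < labels.length; i++) {
      const candidate = labels.slice(i).join('.');
      const entry = this.hosts.get(candidate);
      if (entry === undefined) continue;
      if (entry.expires <= this.now()) { // expired: drop it and keep looking
        this.hosts.delete(candidate);
        continue;
      }
      if (i === 0 || entry.includeSubDomains) return true;
    }
    return false;
  }

  // The URL the browser actually sends when the user types a bare hostname:
  // this is the difference between the deck's two flows.
  requestFor(host) {
    return (this.mustUpgrade(host) ? 'https://' : 'http://') + host + '/';
  }
}

// Problems that would keep a header out of the preload list under the
// current hstspreload.org rules: a max-age of at least one year,
// includeSubDomains and the preload directive are all required.
function preloadProblems(headerValue) {
  const p = parseHsts(headerValue);
  if (p === null) return ['header missing or invalid'];
  const problems = [];
  if (p.maxAge < ONE_YEAR) problems.push('max-age below one year');
  if (!p.includeSubDomains) problems.push('includeSubDomains missing');
  if (!p.preload) problems.push('preload directive missing');
  return problems;
}
```

Until observe() has run with a valid header over HTTPS, requestFor() still returns the http:// URL, which is the trust-on-first-use gap that the preload list closes; after max-age seconds the policy expires and the gap reopens unless the site keeps sending the header.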
Questions? Boris Quiroz, SRE, Preyproject.com