Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Introducción a HSTS
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Boris Quiroz
April 26, 2014
Technology
0
55
Introducción a HSTS
Boris Quiroz
April 26, 2014
Tweet
Share
More Decks by Boris Quiroz
See All by Boris Quiroz
Secrets management with Vault
boris
0
60
Docker Images Best Practices
boris
0
57
Software Freedom Day 2015
boris
0
46
Code Driven Infrastructure
boris
0
71
hola mundo
boris
0
66
DevOps Tools: Chef + Vagrant
boris
0
230
Kitchen.CI
boris
0
120
Hands-on Lab
boris
0
81
Tech, Method & Philosophy for the cloud
boris
0
59
Other Decks in Technology
See All in Technology
Azure Durable Functions で作った NL2SQL Agent の精度向上に取り組んだ話/jat08
thara0402
0
150
ZOZOにおけるAI活用の現在 ~開発組織全体での取り組みと試行錯誤~
zozotech
PRO
5
4.9k
インフラエンジニア必見!Kubernetesを用いたクラウドネイティブ設計ポイント大全
daitak
0
330
日本語テキストと音楽の対照学習の技術とその応用
lycorptech_jp
PRO
1
430
ClickHouseはどのように大規模データを活用したAIエージェントを全社展開しているのか
mikimatsumoto
0
200
Claude_CodeでSEOを最適化する_AI_Ops_Community_Vol.2__マーケティングx_AIはここまで進化した.pdf
riku_423
2
470
MCPでつなぐElasticsearchとLLM - 深夜の障害対応を楽にしたい / Bridging Elasticsearch and LLMs with MCP
sashimimochi
0
140
Contract One Engineering Unit 紹介資料
sansan33
PRO
0
13k
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
sansan33
PRO
0
3k
Context Engineeringが企業で不可欠になる理由
hirosatogamo
PRO
3
430
なぜ今、コスト最適化(倹約)が必要なのか? ~AWSでのコスト最適化の進め方「目的編」~
htan
1
110
CDK対応したAWS DevOps Agentを試そう_20260201
masakiokuda
1
200
Featured
See All Featured
Game over? The fight for quality and originality in the time of robots
wayneb77
1
110
How to Think Like a Performance Engineer
csswizardry
28
2.4k
New Earth Scene 8
popppiees
1
1.5k
Practical Orchestrator
shlominoach
191
11k
The Art of Programming - Codeland 2020
erikaheidi
57
14k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
359
30k
Design in an AI World
tapps
0
140
Leadership Guide Workshop - DevTernity 2021
reverentgeek
1
200
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
640
Designing for Performance
lara
610
70k
Un-Boring Meetings
codingconduct
0
200
VelocityConf: Rendering Performance Case Studies
addyosmani
333
24k
Transcript
HSTS WTF?
None
HTTP Strict Transport Security
Asegurar que la comunicación no encriptada no es permitida en
nuestro sitio para mitigar ataques como por ejemplo SSL-stripping.
None
¡BIEN!
None
¡MAL!
1. El usuario va a preyproject.com 2. El browser agregará
el http:// y hará el request a http://preyproject.com 3. El server responderá con un 301 a https://preyproject.com 4. El browser hace el request a https://preyproject.com HSTS disabled
HSTS enabled 1. El usuario va a preyproject.com 2. HSTS
convertirá automáticamente el link de HTTP a HTTPS
Compatibilidad Chrome, Firefox, Opera desde hace 3 versiones. Safari 7.0
IE 12+
El header Strict-Transport-Security: max-age:31536000; includeSubdomains
None
Nginx add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; Rails config.force_ssl = true La
config
PRELOAD LISTS
¿Preguntas? Boris Quiroz SRE Preyproject.com
boris
thara0402
zozotech
daitak
lycorptech_jp
mikimatsumoto
riku_423
sashimimochi
sansan33
hirosatogamo
htan
masakiokuda
wayneb77
csswizardry
popppiees
shlominoach
erikaheidi
bermonpainter
tapps
reverentgeek
nmsamuel
lara
codingconduct
addyosmani
