Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introducción a HSTS

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Boris Quiroz Boris Quiroz
April 26, 2014
Technology
0
55

Introducción a HSTS

Avatar for Boris Quiroz

Boris Quiroz

April 26, 2014
Tweet

More Decks by Boris Quiroz

See All by Boris Quiroz
Secrets management with Vault
Avatar for Boris Quiroz boris
0
60
Docker Images Best Practices
Avatar for Boris Quiroz boris
0
57
Software Freedom Day 2015
Avatar for Boris Quiroz boris
0
46
Code Driven Infrastructure
Avatar for Boris Quiroz boris
0
72
hola mundo
Avatar for Boris Quiroz boris
0
66
DevOps Tools: Chef + Vagrant
Avatar for Boris Quiroz boris
0
230
Kitchen.CI
Avatar for Boris Quiroz boris
0
120
Hands-on Lab
Avatar for Boris Quiroz boris
0
82
Tech, Method & Philosophy for the cloud
Avatar for Boris Quiroz boris
0
59

Other Decks in Technology

See All in Technology
僕、S3  シンプルって名前だけど全然シンプルじゃありません よろしくお願いします
Avatar for Yuuki Yamashita yama3133
1
210
親子 or ペアで Mashup for the Future! しゃべって楽しむ 初手AI駆動でものづくり体験
Avatar for hiroramos hiroramos4
PRO
0
120
Scrumは歪む — 組織設計の原理原則
Avatar for Daisuke Ashihara dashi
0
170
Oracle Cloud Infrastructure IaaS 新機能アップデート 2025/12 - 2026/2
Avatar for oracle4engineer oracle4engineer
PRO
0
120
AI実装による「レビューボトルネック」を解消する仕様駆動開発(SDD)/ ai-sdd-review-bottleneck
Avatar for Rakus_Dev rakus_dev
0
120
Keycloak を使った SSO で CockroachDB にログインする / CockroachDB SSO with Keycloak
Avatar for kota2and3kan kota2and3kan
0
120
AIエージェント、 社内展開の前に知っておきたいこと
Avatar for oracle4engineer oracle4engineer
PRO
2
120
進化するBits AI SREと私と組織
Avatar for 株式会社ヌーラボ nulabinc
PRO
0
160
Claude Codeが爆速進化してプラグイン追従がつらいので半自動化した話 ver.2
Avatar for ryu rfdnxbro
0
530
タスク管理も1on1も、もう「管理」じゃない ― KiroとBedrock AgentCoreで変わった"判断の仕事"
Avatar for Yusuke Shimizu yusukeshimizu
5
2.6k
「Blue Team Labs Online」入門 - みんなで挑むログ解析バトル
Avatar for Noriaki Hayashi v_avenger
0
170
わたしがセキュアにAWSを使えるわけないじゃん、ムリムリ!(※ムリじゃなかった!?)
Avatar for cm-usuda-keisuke cmusudakeisuke
1
720

Featured

See All Featured
Typedesign – Prime Four
Avatar for Hannes Fritz hannesfritz
42
3k
Highjacked: Video Game Concept Design
Avatar for Ryan Kendrick rkendrick25
PRO
1
310
How GitHub (no longer) Works
Avatar for Zach Holman holman
316
140k
Fireside Chat
Avatar for paigeccino paigeccino
42
3.8k
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
249
1.3M
Building Adaptive Systems
Avatar for Chris Keathley keathley
44
3k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
88
5k
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
Avatar for AKADEMIYA2063 akademiya2063
PRO
1
70
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
31
3.1k
Navigating Team Friction
Avatar for Lara Hogan lara
192
16k
The innovator’s Mindset - 
Leading Through an Era of Exponential Change - McGill University 2025
Avatar for Jean-Marc De Jonghe jdejongh
PRO
1
120

Transcript

  1. HSTS WTF?

  2. None

  3. HTTP Strict Transport Security

  4. Asegurar que la comunicación no encriptada no es permitida en

    nuestro sitio para mitigar ataques como por ejemplo SSL-stripping.
  5. None

  6. ¡BIEN!

  7. None

  8. ¡MAL!

  9. 1. El usuario va a preyproject.com 2. El browser agregará

    el http:// y hará el request a http://preyproject.com 3. El server responderá con un 301 a https://preyproject.com 4. El browser hace el request a https://preyproject.com HSTS disabled

  10. HSTS enabled 1. El usuario va a preyproject.com 2. HSTS

    convertirá automáticamente el link de HTTP a HTTPS

  11. Compatibilidad Chrome, Firefox, Opera desde hace 3 versiones. Safari 7.0

    IE 12+

  12. El header Strict-Transport-Security: max-age:31536000; includeSubdomains

  13. None

  14. Nginx add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; Rails config.force_ssl = true La

    config

  15. PRELOAD LISTS

  16. ¿Preguntas? Boris Quiroz SRE Preyproject.com