Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Introducción a HSTS
Search
Boris Quiroz
April 26, 2014
Technology
0
54
Introducción a HSTS
Boris Quiroz
April 26, 2014
Tweet
Share
More Decks by Boris Quiroz
See All by Boris Quiroz
Secrets management with Vault
boris
0
58
Docker Images Best Practices
boris
0
56
Software Freedom Day 2015
boris
0
45
Code Driven Infrastructure
boris
0
67
hola mundo
boris
0
64
DevOps Tools: Chef + Vagrant
boris
0
230
Kitchen.CI
boris
0
120
Hands-on Lab
boris
0
78
Tech, Method & Philosophy for the cloud
boris
0
54
Other Decks in Technology
See All in Technology
Large Vision Language Modelを用いた 文書画像データ化作業自動化の検証、運用 / shibuya_AI
sansan_randd
0
110
生成AI_その前_に_マルチクラウド時代の信頼できるデータを支えるSnowflakeメタデータ活用術.pdf
cm_mikami
0
120
定期的な価値提供だけじゃない、スクラムが導くチームの共創化 / 20251004 Naoki Takahashi
shift_evolve
PRO
3
330
Goに育てられ開発者向けセキュリティ事業を立ち上げた僕が今向き合う、AI × セキュリティの最前線 / Go Conference 2025
flatt_security
0
350
業務自動化プラットフォーム Google Agentspace に入門してみる #devio2025
maroon1st
0
190
AIAgentの限界を超え、 現場を動かすWorkflowAgentの設計と実践
miyatakoji
0
140
許しとアジャイル
jnuank
1
130
多野優介
tanoyusuke
1
460
動画データのポテンシャルを引き出す! Databricks と AI活用への奮闘記(現在進行形)
databricksjapan
0
150
Azure SynapseからAzure Databricksへ 移行してわかった新時代のコスト問題!?
databricksjapan
0
140
SoccerNet GSRの紹介と技術応用:選手視点映像を提供するサッカー作戦盤ツール
mixi_engineers
PRO
1
180
いまさら聞けない ABテスト入門
skmr2348
1
210
Featured
See All Featured
Imperfection Machines: The Place of Print at Facebook
scottboms
269
13k
How to Ace a Technical Interview
jacobian
280
24k
Raft: Consensus for Rubyists
vanstee
139
7.1k
A better future with KSS
kneath
239
17k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3.1k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
657
61k
What's in a price? How to price your products and services
michaelherold
246
12k
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
Six Lessons from altMBA
skipperchong
28
4k
How to Think Like a Performance Engineer
csswizardry
27
2k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Unsuck your backbone
ammeep
671
58k
Transcript
HSTS WTF?
None
HTTP Strict Transport Security
Asegurar que la comunicación no encriptada no es permitida en
nuestro sitio para mitigar ataques como por ejemplo SSL-stripping.
None
¡BIEN!
None
¡MAL!
1. El usuario va a preyproject.com 2. El browser agregará
el http:// y hará el request a http://preyproject.com 3. El server responderá con un 301 a https://preyproject.com 4. El browser hace el request a https://preyproject.com HSTS disabled
HSTS enabled 1. El usuario va a preyproject.com 2. HSTS
convertirá automáticamente el link de HTTP a HTTPS
Compatibilidad Chrome, Firefox, Opera desde hace 3 versiones. Safari 7.0
IE 12+
El header Strict-Transport-Security: max-age:31536000; includeSubdomains
None
Nginx add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; Rails config.force_ssl = true La
config
PRELOAD LISTS
¿Preguntas? Boris Quiroz SRE Preyproject.com
boris
sansan_randd
cm_mikami
shift_evolve
flatt_security
maroon1st
miyatakoji
jnuank
tanoyusuke
databricksjapan
mixi_engineers
skmr2348
scottboms
jacobian
vanstee
kneath
eileencodes
lemiorhan
michaelherold
keavy
skipperchong
csswizardry
keithpitt
ammeep
