Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Introducción a HSTS
Search
Boris Quiroz
April 26, 2014
Technology
60
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Introducción a HSTS
Boris Quiroz
April 26, 2014
More Decks by Boris Quiroz
See All by Boris Quiroz
Secrets management with Vault
boris
0
69
Docker Images Best Practices
boris
0
60
Software Freedom Day 2015
boris
0
50
Code Driven Infrastructure
boris
0
75
hola mundo
boris
0
68
DevOps Tools: Chef + Vagrant
boris
0
240
Kitchen.CI
boris
0
120
Hands-on Lab
boris
0
83
Tech, Method & Philosophy for the cloud
boris
0
62
Other Decks in Technology
See All in Technology
プロダクトだけじゃない、社内プロセスにおける自動化・省力化ノススメ
kakehashi
PRO
1
3.3k
アカウントが増えてからでは遅い? ~ マルチアカウント統制の勘所 ~
kenichinakamura
0
210
End-to-Endで考える信頼性 —LINEアプリにおけるクライアント開発×SRE連携の実践
maruloop
4
3.8k
ADDF - ループエンジニアリングするフレームワークを作ったら/I Didn't Set Out to Build Loop Engineering, But ADDF Did
fruitriin
0
100
AWS Summit の片隅で、体育座りしながらコミュニティがにぎわう理由を考えた
k_adachi_01
2
370
事業価値を⽣み出すSREへ SREが担うべき意思決定の5層
kenta_hi
2
3.1k
完全自律ロボットを作りたくて、先に開発を自律させた話(ROS Japan UG #63 LT)
rryz09
0
440
次世代ランサムウェア対策の考察 / 20260704 Mitsutoshi Matsuo
shift_evolve
PRO
5
1.7k
プライバシー保護の理論と実践
lycorptech_jp
PRO
1
250
スタートアップにおけるアジャイルの実践について #shibuyagile
murabayashi
3
2.2k
地域 SRE コミュニティ最前線 / SRE NEXT 2026 Discussion Night Track C
muziyoshiz
0
200
NDIAS CTF 2026 問題解説会資料
bata_24
0
180
Featured
See All Featured
Optimizing for Happiness
mojombo
378
71k
A Tale of Four Properties
chriscoyier
163
24k
How to Grow Your eCommerce with AI & Automation
katarinadahlin
PRO
1
220
Unsuck your backbone
ammeep
672
58k
<Decoding/> the Language of Devs - We Love SEO 2024
nikkihalliwell
1
270
Leo the Paperboy
mayatellez
8
1.9k
Discover your Explorer Soul
emna__ayadi
2
1.2k
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
aleyda
1
1.3k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
17k
End of SEO as We Know It (SMX Advanced Version)
ipullrank
3
4.3k
How to train your dragon (web standard)
notwaldorf
97
6.7k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.8k
Transcript
HSTS WTF?
None
HTTP Strict Transport Security
Asegurar que la comunicación no encriptada no es permitida en
nuestro sitio para mitigar ataques como por ejemplo SSL-stripping.
None
¡BIEN!
None
¡MAL!
1. El usuario va a preyproject.com 2. El browser agregará
el http:// y hará el request a http://preyproject.com 3. El server responderá con un 301 a https://preyproject.com 4. El browser hace el request a https://preyproject.com HSTS disabled
HSTS enabled 1. El usuario va a preyproject.com 2. HSTS
convertirá automáticamente el link de HTTP a HTTPS
Compatibilidad Chrome, Firefox, Opera desde hace 3 versiones. Safari 7.0
IE 12+
El header Strict-Transport-Security: max-age:31536000; includeSubdomains
None
Nginx add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; Rails config.force_ssl = true La
config
PRELOAD LISTS
¿Preguntas? Boris Quiroz SRE Preyproject.com