Introduction to HSTS
Boris Quiroz
April 26, 2014
Transcript
HSTS WTF?
HTTP Strict Transport Security
Ensure that unencrypted communication is not allowed on our site, to mitigate attacks such as SSL stripping.
GOOD!
BAD!
HSTS disabled
1. The user goes to preyproject.com
2. The browser adds the http:// and makes the request to http://preyproject.com
3. The server responds with a 301 to https://preyproject.com
4. The browser makes the request to https://preyproject.com
HSTS enabled
1. The user goes to preyproject.com
2. HSTS automatically converts the link from HTTP to HTTPS
Compatibility
Chrome, Firefox, Opera for the last 3 versions. Safari 7.0
IE 12+
The header
Strict-Transport-Security: max-age=31536000; includeSubDomains
The config
Nginx: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
Rails: config.force_ssl = true
PRELOAD LISTS
Questions? Boris Quiroz, SRE, Preyproject.com