Introduction to HSTS
Boris Quiroz
April 26, 2014
Transcript
HSTS WTF?
HTTP Strict Transport Security
Ensure that unencrypted communication is not allowed on our site, to mitigate attacks such as SSL stripping.
GOOD!
BAD!
HSTS disabled
1. The user goes to preyproject.com
2. The browser adds the http:// and makes the request to http://preyproject.com
3. The server responds with a 301 to https://preyproject.com
4. The browser makes the request to https://preyproject.com

HSTS enabled
1. The user goes to preyproject.com
2. HSTS automatically converts the link from HTTP to HTTPS
Compatibility
Chrome, Firefox, Opera for the last 3 versions. Safari 7.0. IE 12+
The header
Strict-Transport-Security: max-age=31536000; includeSubDomains

The config
Nginx: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
Rails: config.force_ssl = true
PRELOAD LISTS
Questions? Boris Quiroz, SRE, Preyproject.com