Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Introducción a HSTS
Search
Boris Quiroz
April 26, 2014
Technology
0
54
Introducción a HSTS
Boris Quiroz
April 26, 2014
Tweet
Share
More Decks by Boris Quiroz
See All by Boris Quiroz
Secrets management with Vault
boris
0
58
Docker Images Best Practices
boris
0
56
Software Freedom Day 2015
boris
0
45
Code Driven Infrastructure
boris
0
68
hola mundo
boris
0
64
DevOps Tools: Chef + Vagrant
boris
0
230
Kitchen.CI
boris
0
120
Hands-on Lab
boris
0
79
Tech, Method & Philosophy for the cloud
boris
0
54
Other Decks in Technology
See All in Technology
AI機能プロジェクト炎上の 3つのしくじりと学び
nakawai
0
150
生成AI時代のPythonセキュリティとガバナンス
abenben
0
150
From Natural Language to K8s Operations: The MCP Architecture and Practice of kubectl-ai
appleboy
0
350
ラスベガスの歩き方 2025年版(re:Invent 事前勉強会)
junjikoide
0
560
Zero Trust DNS でより安全なインターネット アクセス
murachiakira
0
110
JSConf JPのwebsiteをGatsbyからNext.jsに移行した話 - Next.jsの多言語静的サイトと課題
leko
2
190
OpenCensusと歩んだ7年間
bgpat
0
200
CREが作る自己解決サイクルSlackワークフローに組み込んだAIによる社内ヘルプデスク改革 #cre_meetup
bengo4com
0
370
可観測性は開発環境から、開発環境にもオブザーバビリティ導入のススメ
layerx
PRO
4
1.8k
だいたい分かった気になる 『SREの知識地図』 / introduction-to-sre-knowledge-map-book
katsuhisa91
PRO
3
1.5k
ストレージエンジニアの仕事と、近年の計算機について / 第58回 情報科学若手の会
pfn
PRO
4
890
AI時代の発信活動 ~技術者として認知してもらうための発信法~ / 20251028 Masaki Okuda
shift_evolve
PRO
1
120
Featured
See All Featured
RailsConf 2023
tenderlove
30
1.3k
How GitHub (no longer) Works
holman
315
140k
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
10
890
Testing 201, or: Great Expectations
jmmastey
45
7.7k
Writing Fast Ruby
sferik
630
62k
Git: the NoSQL Database
bkeepers
PRO
431
66k
Unsuck your backbone
ammeep
671
58k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
140
34k
Speed Design
sergeychernyshev
32
1.2k
Embracing the Ebb and Flow
colly
88
4.9k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
Transcript
HSTS WTF?
None
HTTP Strict Transport Security
Asegurar que la comunicación no encriptada no es permitida en
nuestro sitio para mitigar ataques como por ejemplo SSL-stripping.
None
¡BIEN!
None
¡MAL!
1. El usuario va a preyproject.com 2. El browser agregará
el http:// y hará el request a http://preyproject.com 3. El server responderá con un 301 a https://preyproject.com 4. El browser hace el request a https://preyproject.com HSTS disabled
HSTS enabled 1. El usuario va a preyproject.com 2. HSTS
convertirá automáticamente el link de HTTP a HTTPS
Compatibilidad Chrome, Firefox, Opera desde hace 3 versiones. Safari 7.0
IE 12+
El header Strict-Transport-Security: max-age:31536000; includeSubdomains
None
Nginx add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; Rails config.force_ssl = true La
config
PRELOAD LISTS
¿Preguntas? Boris Quiroz SRE Preyproject.com
boris
nakawai
abenben
appleboy
junjikoide
murachiakira
leko
bgpat
bengo4com
layerx
katsuhisa91
pfn
shift_evolve
tenderlove
holman
keavy
tammyeverts
jmmastey
sferik
bkeepers
ammeep
eileencodes
sergeychernyshev
colly
garrettdimon
