Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HTTPS by default - no more clear

oxdef
May 23, 2017
Programming
0
12

HTTPS by default - no more clear

Phdays 2017

oxdef

May 23, 2017
Tweet

More Decks by oxdef

See All by oxdef
How to improve software security with OWASP open source initiatives
oxdef
0
78
Keynote at ZeroNights X (2021)
oxdef
0
41
Security Culture: Here be Hackers
oxdef
0
290
OWASP Top 10 - 2017 What’s inside?
oxdef
0
260
И разработчик станет хакером!
oxdef
0
28
Implementing Content Security Policy at a Large Scale
oxdef
0
310
Security in developer’s life: knowledge is power
oxdef
0
190
Web Application Security: future standards and technologies
oxdef
0
200
Content Security Policy - the panacea for XSS or placebo?
oxdef
0
190

Other Decks in Programming

See All in Programming
クローズドなサービスをIdentity-Aware Proxyを使って安全に公開する
yamato_sorariku
0
110
【Symfony超入門】コマンドだけでCRUD画面を作るチート法
kin29
0
150
NOT A HOTEL
AIコンシェルジュ「Kevin」の開発秘話
codehex
3
23k
Android端末のNFCを無効化しようとしてダメだった話
mitchan
1
2.8k
prototype大全 / YAPC::Kyoto 2023
utgwkk
0
1.1k
PHPで任意精度演算を行って「正しい」金額計算をする方法 / Perform arbitrary precision arithmetic in PHP to achieve "accurate" monetary calculations
hiro_y
1
300
6年以上メンテされていない!? クレカ読み取りライブラリの廃止とDataScannerViewControllerを使ってクレカ読み取りを実装しよう!
terukinakano
0
110
DDD Demystified ~結局DDDとは何なのか?何でないのか?~ #phperkaigi_reject
77web
0
640
Run Your Firebase for Web App Locally Using Firebase Emulator Suite
dicoding
0
430
ブラウザの向こう側で「200 OK」を返すまでに何が起きているのか調べてみた #phperkaigi
akase244
5
1.3k
社内のメンバーに「関数型プログラミングの学習・教育」についていろいろ聞いてみた
j5ik2o
1
480
Learning PHP with PHP Parser
inouehi
1
370

Featured

See All Featured
Optimizing for Happiness
mojombo
366
65k
Pencils Down: Stop Designing & Start Developing
hursman
114
10k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
318
19k
Product Roadmaps are Hard
iamctodd
38
7.9k
What's in a price? How to price your products and services
michaelherold
233
9.8k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
14
5.6k
Making Projects Easy
brettharned
102
4.9k
Mobile First: as difficult as doing things right
swwweet
213
7.9k
The Illustrated Children's Guide to Kubernetes
chrisshort
23
43k
GitHub's CSS Performance
jonrohan
1021
430k
Robots, Beer and Maslow
schacon
154
7.4k
Designing for humans not robots
tammielis
245
24k

Transcript

  1. Яндекс

    View Slide

  2. Я
    HTTPS by default - no more
    clear text in the web!
    Taras Ivashchenko,
    Product security team, Y
    andex
    ндекс

    View Slide

  3. View Slide

  4. Global HTTPS usage

    View Slide

  5. Why so slow?!

    View Slide

  6. View Slide

  7. Forward Secrecy

    View Slide

  8. HTTPS only for the auth page is
    not enough!

    View Slide

  9. Really big project
    Not only web protocols
    Internal knowledge base and tools
    Trainings
    Deep tech things: TLS sessions, double certificate scheme
    All services moved to “HTTPS by default” mode
    Improved world around us ;-)
    At Y
    andex

    View Slide

  10. View Slide

  11. Q&A

    View Slide

  12. Taras Ivashchenko
    Product security team
    Contacts
    [email protected]

    View Slide