Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HTTPS by default - no more clear

oxdef
May 23, 2017
Programming
0
18

HTTPS by default - no more clear

Phdays 2017

oxdef

May 23, 2017
Tweet

More Decks by oxdef

See All by oxdef
How to improve software security with OWASP open source initiatives
oxdef
0
91
Keynote at ZeroNights X (2021)
oxdef
0
59
Security Culture: Here be Hackers
oxdef
0
310
OWASP Top 10 - 2017 What’s inside?
oxdef
0
280
И разработчик станет хакером!
oxdef
0
31
Implementing Content Security Policy at a Large Scale
oxdef
0
340
Security in developer’s life: knowledge is power
oxdef
0
200
Web Application Security: future standards and technologies
oxdef
0
210
Content Security Policy - the panacea for XSS or placebo?
oxdef
0
220

Other Decks in Programming

See All in Programming
アプリケーションパフォーマンスの計測と改善の方法を勉強している話
devoc
10
2.5k
Build Backwards-Compatible REST APIs with Rolling Versions
subomi
0
130
なぜ自社ではスクラムがうまくいかないのか アジャイルコーチと考える、スクラムのアンチパターン / Why Scrum doesn't work in my company?
daipresents
1
300
一日30回リリースを可能にするpixiv開発
picopico
0
880
Migrating From Spring Boot 2 To Spring Boot 3 - What's Jakarta EE Got To Do with It?
ivargrimstad
0
150
Compose で Android/iOS アプリを作る
m_coder
0
1.3k
OSSにPull Requestを送ってみて
osatoh
1
310
Building Tebukuro with Hotwire and Rails
murajun1978
0
150
Creative coding starting with Ruby
chobishiba
1
600
Software Architecture
hschwentner
6
1.5k
第1回 AWSとGitHub勉強会 - キックオフ -
ogiwarat
0
130
近代フロントエンドの歴史とKuma UIの登場意義
poteboy
3
3.8k

Featured

See All Featured
GitHub's CSS Performance
jonrohan
1021
440k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
10
1.2k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
3.9k
Designing for Performance
lara
601
66k
KATA
mclloyd
13
11k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.2k
The Illustrated Children's Guide to Kubernetes
chrisshort
26
45k
GraphQLとの向き合い方2022年版
quramy
24
11k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
271
12k
How STYLIGHT went responsive
nonsquared
89
4.4k
Build The Right Thing And Hit Your Dates
maggiecrowley
23
1.7k
Pencils Down: Stop Designing & Start Developing
hursman
115
10k

Transcript

  1. Яндекс

    View Slide

  2. Я
    HTTPS by default - no more
    clear text in the web!
    Taras Ivashchenko,
    Product security team, Y
    andex
    ндекс

    View Slide

  3. View Slide

  4. Global HTTPS usage

    View Slide

  5. Why so slow?!

    View Slide

  6. View Slide

  7. Forward Secrecy

    View Slide

  8. HTTPS only for the auth page is
    not enough!

    View Slide

  9. Really big project
    Not only web protocols
    Internal knowledge base and tools
    Trainings
    Deep tech things: TLS sessions, double certificate scheme
    All services moved to “HTTPS by default” mode
    Improved world around us ;-)
    At Y
    andex

    View Slide

  10. View Slide

  11. Q&A

    View Slide

  12. Taras Ivashchenko
    Product security team
    Contacts
    [email protected]

    View Slide