Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

HTTPS by default - no more clear

Avatar for oxdef oxdef
May 23, 2017
Programming
0
34

HTTPS by default - no more clear

Phdays 2017

Avatar for oxdef

oxdef

May 23, 2017
Tweet

More Decks by oxdef

See All by oxdef
How to improve software security with OWASP open source initiatives
Avatar for oxdef oxdef
0
230
Keynote at ZeroNights X (2021)
Avatar for oxdef oxdef
0
190
Security Culture: Here be Hackers
Avatar for oxdef oxdef
0
540
OWASP Top 10 - 2017 What’s inside?
Avatar for oxdef oxdef
0
620
И разработчик станет хакером!
Avatar for oxdef oxdef
0
52
Implementing Content Security Policy at a Large Scale
Avatar for oxdef oxdef
0
630
Security in developer’s life: knowledge is power
Avatar for oxdef oxdef
0
380
Web Application Security: future standards and technologies
Avatar for oxdef oxdef
0
390
Content Security Policy - the panacea for XSS or placebo?
Avatar for oxdef oxdef
0
420

Other Decks in Programming

See All in Programming
手軽に積ん読を増やすには?/読みたい本と付き合うには?
Avatar for hideki kinjyo o0h
PRO
1
170
非同期処理の迷宮を抜ける: 初学者がつまづく構造的な原因
Avatar for PADAone pd1xx
1
710
生成AIを利用するだけでなく、投資できる組織へ
Avatar for pospome pospome
1
320
ハイパーメディア駆動アプリケーションとIslandアーキテクチャ: htmxによるWebアプリケーション開発と動的UIの局所的適用
Avatar for Ryota Nakamura nowaki28
0
420
TypeScriptで設計する 堅牢さとUXを両立した非同期ワークフローの実現
Avatar for Matsumoto Moeka moeka__c
6
3k
新卒エンジニアのプルリクエスト with AI駆動
Avatar for Yuta Fukunaga fukunaga2025
0
210
Microservices rules: What good looks like
Avatar for Chris Richardson cer
PRO
0
1.3k
Flutter On-device AI로 완성하는 오프라인 앱, 박제창 @DevFest INCHEON 2025
Avatar for JaiChangPark itsmedreamwalker
1
110
Github Copilotのチャット履歴ビューワーを作りました~WPF、dotnet10もあるよ~ #clrh111
Avatar for KatsuYuzu katsuyuzu
0
100
モデル駆動設計をやってみよう ワークショップ開催報告(Modeling Forum2025) / model driven design workshop report
Avatar for haru860 haru860
0
260
「コードは上から下へ読むのが一番」と思った時に、思い出してほしい話
Avatar for HideyukiKitao panda728
PRO
38
25k
UIデザインに役立つ 2025年の最新CSS / The Latest CSS for UI Design 2025
Avatar for IKEDA Yasunobu clockmaker
18
7.4k

Featured

See All Featured
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
285
14k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
37
2.6k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
210
24k
The Hidden Cost of Media on the Web [PixelPalooza 2025]
Avatar for Tammy Everts tammyeverts
1
100
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.5k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
141
7.2k
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.5k
[SF Ruby Conf 2025] Rails X
Avatar for Vladimir Dementyev palkan
0
510
Unsuck your backbone
Avatar for Amy Palamountain ammeep
671
58k
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
249
1.3M
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
28
2.4k
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
127
17k

Transcript

  1. Яндекс

  2. Я HTTPS by default - no more clear text in

    the web! Taras Ivashchenko, Product security team, Y andex ндекс
  3. None

  4. Global HTTPS usage

  5. Why so slow?!

  6. None

  7. Forward Secrecy

  8. HTTPS only for the auth page is not enough!

  9. Really big project Not only web protocols Internal knowledge base

    and tools Trainings Deep tech things: TLS sessions, double certificate scheme All services moved to “HTTPS by default” mode Improved world around us ;-) At Y andex
  10. None

  11. Q&A

  12. Taras Ivashchenko Product security team Contacts [email protected]