Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

HTTPS by default - no more clear

Avatar for oxdef oxdef
May 23, 2017
Programming
0
34

HTTPS by default - no more clear

Phdays 2017

Avatar for oxdef

oxdef

May 23, 2017
Tweet

More Decks by oxdef

See All by oxdef
How to improve software security with OWASP open source initiatives
Avatar for oxdef oxdef
0
230
Keynote at ZeroNights X (2021)
Avatar for oxdef oxdef
0
190
Security Culture: Here be Hackers
Avatar for oxdef oxdef
0
540
OWASP Top 10 - 2017 What’s inside?
Avatar for oxdef oxdef
0
620
И разработчик станет хакером!
Avatar for oxdef oxdef
0
54
Implementing Content Security Policy at a Large Scale
Avatar for oxdef oxdef
0
640
Security in developer’s life: knowledge is power
Avatar for oxdef oxdef
0
380
Web Application Security: future standards and technologies
Avatar for oxdef oxdef
0
400
Content Security Policy - the panacea for XSS or placebo?
Avatar for oxdef oxdef
0
420

Other Decks in Programming

See All in Programming
Python札幌 LT資料
Avatar for t3tra t3tra
7
1k
re:Invent 2025 のイケてるサービスを紹介する
Avatar for maroon1st maroon1st
0
150
Combinatorial Interview Problems with Backtracking Solutions - From Imperative Procedural Programming to Declarative Functional Programming - Part 2
Avatar for Philip Schwarz philipschwarz
PRO
0
110
The Past, Present, and Future of Enterprise Java
Avatar for ivargrimstad ivargrimstad
0
350
バックエンドエンジニアによる Amebaブログ K8s 基盤への CronJobの導入・運用経験
Avatar for suna-big sunabig
0
170
Spinner 軸ズレ現象を調べたらレンダリング深淵に飲まれた #レバテックMeetup
Avatar for 弁護士ドットコム bengo4com
0
190
AI Agent Dojo #4: watsonx Orchestrate ADK体験
Avatar for Akira Onishi (IBM) oniak3ibm
PRO
0
110
実はマルチモーダルだった。ブラウザの組み込みAI🧠でWebの未来を感じてみよう #jsfes #gemini
Avatar for n0bisuke n0bisuke2
3
1.3k
リリース時」テストから「デイリー実行」へ!開発マネージャが取り組んだ、レガシー自動テストのモダン化戦略
Avatar for goataka (GOAMI Takaaki) goataka
0
140
SwiftUIで本格音ゲー実装してみた
Avatar for 蛋白(たんぱく・TANPACT) hypebeans
0
500
AI時代を生き抜く 新卒エンジニアの生きる道
Avatar for coconala_engineer coconala_engineer
1
430
perlをWebAssembly上で動かすと何が嬉しいの??? / Where does Perl-on-Wasm actually make sense?
Avatar for mackee mackee
0
130

Featured

See All Featured
HDC tutorial
Avatar for Michiel Stock michielstock
0
270
Building Adaptive Systems
Avatar for Chris Keathley keathley
44
2.9k
Technical Leadership for Architectural Decision Making
Avatar for Kenny Baas-Schwegler baasie
0
180
Impact Scores and Hybrid Strategies: The future of link building
Avatar for Tamara Novitovic tamaranovitovic
0
170
Unlocking the hidden potential of vector embeddings in international SEO
Avatar for Frank van Dijk frankvandijk
0
130
The Curious Case for Waylosing
Avatar for Cassini Nazir cassininazir
0
190
WENDY [Excerpt]
Avatar for Tessa Abrams tessaabrams
8
35k
Designing Experiences People Love
Avatar for Jonathan Moore moore
143
24k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
37
2.7k
The AI Search Optimization Roadmap by Aleyda Solis
Avatar for Aleyda Solis aleyda
1
5k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
35
3.3k
Efficient Content Optimization with Google Search Console & Apps Script
Avatar for Katarina Dahlin katarinadahlin
PRO
0
250

Transcript

  1. Яндекс

  2. Я HTTPS by default - no more clear text in

    the web! Taras Ivashchenko, Product security team, Y andex ндекс
  3. None

  4. Global HTTPS usage

  5. Why so slow?!

  6. None

  7. Forward Secrecy

  8. HTTPS only for the auth page is not enough!

  9. Really big project Not only web protocols Internal knowledge base

    and tools Trainings Deep tech things: TLS sessions, double certificate scheme All services moved to “HTTPS by default” mode Improved world around us ;-) At Y andex
  10. None

  11. Q&A

  12. Taras Ivashchenko Product security team Contacts [email protected]