Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Put an "S" on it: Moving a Large Publishing Sit...

Avatar for Zack Tollman Zack Tollman
February 07, 2017
Technology
1
150

Put an "S" on it: Moving a Large Publishing Site to HTTPS

The internet is abuzz HTTPS everywhere. Unfortunately, getting there is major undertaking. Join me as I discuss the process of implementing HTTPS by default on wired.com. I will walk through selling the idea internally, preparing the site for HTTPS, and monitoring it after the launch. I will outline an approach for an HTTPS transition that anyone can use.
Avatar for Zack Tollman

Zack Tollman

February 07, 2017
Tweet

More Decks by Zack Tollman

See All by Zack Tollman
Defining Fast: The Hardest Problem in Performance Engineering
Avatar for Zack Tollman tollmanz
0
88
Defining Fast: The Hardest Problem in Performance Engineering
Avatar for Zack Tollman tollmanz
0
150
ReWIRED: Moving WIRED.com from WordPress to Node
Avatar for Zack Tollman tollmanz
0
300
Building Custom User Experiences from the Edge
Avatar for Zack Tollman tollmanz
0
120
HTTPS Migrations: The Hard Parts
Avatar for Zack Tollman tollmanz
0
370
HTTPS is Coming: Are You Prepared? (Velocity 2016)
Avatar for Zack Tollman tollmanz
0
210
Understanding HTTPS and TLS
Avatar for Zack Tollman tollmanz
0
190
HTTPS Is Coming - WP SFO
Avatar for Zack Tollman tollmanz
0
110
The Many Challenges of Object Caching in WordPress
Avatar for Zack Tollman tollmanz
0
110

Other Decks in Technology

See All in Technology
製造業向けIoTソリューション提案資料.pdf
Avatar for h.uriu haruki_uiru
0
280
ユーザーコミュニティが海外スタートアップのDevRelを補完する瞬間
Avatar for M Yano nagauta
1
200
AI駆動で進化する開発プロセス ~クラスメソッドでの実践と成功事例~ / aidd-in-classmethod
Avatar for tomoki10 tomoki10
1
1.2k
問 1:以下のコンパイラを証明せよ(予告編) #kernelvm / Kernel VM Study Kansai 11th
Avatar for y_taka_23 ytaka23
3
590
時間がないなら、つくればいい 〜数十人規模のチームが自律性を発揮するために試しているいくつかのこと〜
Avatar for KAKEHASHI kakehashi
PRO
24
5.8k
AIによるコードレビューで開発体験を向上させよう!
Avatar for Atsushi Nakatsugawa moongift
PRO
0
450
Previewでもここまで追える! Azure AI Foundryで始めるLLMトレース
Avatar for Tomodo_ysys tomodo_ysys
2
720
インフラからSREへ
Avatar for Issei Naruta mirakui
19
6.5k
4月15日の AZ 障害をテクサポの中の人目線で振り返ってみる
Avatar for kazzpapa3 kazzpapa3
2
140
Azure × MCP 入門
Avatar for Ryosuke Hyakuta ry0y4n
8
1.8k
"発信文化"をどうやって計測する?技術広報のKPI探索記/How do we measure communication culture?
Avatar for 株式会社ビットキー / Bitkey Inc. bitkey
4
320
Cursorをチョッパヤインタビューライターにチューニングする方法 / how to tuning cursor for interview write
Avatar for ShuzoN shuzon
2
250

Featured

See All Featured
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
329
21k
Gamification - CAS2011
Avatar for David Bonilla davidbonilla
81
5.3k
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
267
13k
It's Worth the Effort
Avatar for 3n 3n
184
28k
Building Applications with DynamoDB
Avatar for Matt Wood mza
94
6.4k
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
29
940
Performance Is Good for Brains [We Love Speed 2024]
Avatar for Tammy Everts tammyeverts
10
800
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
133
9.3k
Building Adaptive Systems
Avatar for Chris Keathley keathley
41
2.5k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
357
30k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
183
22k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
5.5k

Transcript

  1. PUT AN “S” on it Zack Tollman @tollmanz

  2. I set up HTTPS in 15 minutes “

  3. SSL is easy to use but also very easy to

    use incorrectly Ivan Ristic (https://www.ssllabs.com/projects/ssl-threat-model/) “

  4. MIXED CONTENT

  5. PASSIVE aka display

  6. ACTIVE

  7. None
  8. None
  9. None
  10. None
  11. None
  12. None
  13. None

  14. STRATEGY for a migration

  15. HTTPS EVERYWHERE

  16. HTTPS SOMEWHERE

  17. HTTPS WITH HTTP

  18. RISK SECURITY HTTPS EVERYWHERE HTTPS SOMEWHERE HTTPS WITH HTTP

  19. Assess Risk

  20. HTTPS SOMEWHERE

  21. Ad Risk

  22. SEO Risk

  23. APPLICATION preparation

  24. s/http:/https:/

  25. None
  26. None

  27. HTTP

  28. HTTPS HTTP

  29. HTTP

  30. HTTP HTTPS

  31. HTTPS EVERYWHERE

  32. 301

  33. Sitemaps

  34. OLD NEW https://support.google.com/webmasters/answer/6033049#https-faqs

  35. CONTENT POLICY SECURITY

  36. Location

  37. script-src: ‘self’ https:;

  38. Type

  39. frame-src: ‘none’

  40. Loading Behavior

  41. block-all-mixed-content

  42. Tame The Locks

  43. default-src: https:; upgrade-insecure-requests

  44. Reporting

  45. default-src: https:; upgrade-insecure-requests report-uri https:// report-domain.com/receive

  46. { "csp-report": { "document-uri": "https://www.wired.com/ 2016/10/geeks-guide-westworld/", "referrer": "https://www.wired.com/", "violated-directive": "media-src

    https:", "effective-directive": "media-src", "original-policy": …, "blocked-uri": "http://www.wired.com", "status-code": 0 } }

  47. https://www.podtrac.com/pts/ redirect.mp3/www.wired.com/wp- content/uploads/2016/09/ geeksguide223final.mp3

  48. http://www.wired.com/wp- content/uploads/2016/09/ geeksguide223final.mp3

  49. None

  50. Webkit

  51. HTTPS is Hard

  52. Chase the Green

  53. Monitor Progress

  54. https://speakerdeck.com/tollmanz