Cryptography

HTTP Strict Transport Security

HTTP Strict Transport Security (HSTS) is a policy mechanism that helps protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows a web server to declare that web browsers (or other complying user agents) should automatically interact with it using only HTTPS connections, which provide Transport Layer Security (TLS/SSL), unlike insecure plain HTTP. HSTS is an IETF standards track protocol and is specified in RFC 6797. The HSTS Policy is communicated by the server to the user agent via an HTTP response header field named "Strict-Transport-Security". The HSTS Policy specifies a period of time during which the user agent should only access the server in a secure fashion. Websites using HSTS often do not accept cleartext HTTP, either by rejecting connections over HTTP or by systematically redirecting users to HTTPS (though this is not required by the specification). The consequence is that a user agent not capable of doing TLS will not be able to connect to the site. The protection only applies after a user has visited the site at least once, relying on the principle of Trust on first use. The protection works as follows: when a user enters or selects a URL to the site that specifies HTTP, the user agent automatically upgrades it to HTTPS without making an HTTP request, which prevents the HTTP man-in-the-middle attack from occurring. (Wikipedia).
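A toy user-agent-side HSTS store, added here as an example and not taken from the Wikipedia text or RFC 6797: it records Strict-Transport-Security headers seen on HTTPS responses, honours max-age, includeSubDomains and max-age=0, and upgrades http:// URLs to https:// before any request is sent, so a host that has never sent the header is not upgraded (trust on first use). Class and method names are this example's own and the directive parsing is simplified.

```python
# Added example (not from the page or RFC 6797); simplified parsing.
import time
from urllib.parse import urlsplit, urlunsplit

class HstsStore:
    def __init__(self, now=time.time):
        self.now = now
        self.policies = {}  # host -> (expiry timestamp, includeSubDomains)

    def observe(self, host, header, over_tls):
        """Process a Strict-Transport-Security header from a response.
        Returns True if the stored policy for host changed."""
        if not over_tls:
            return False  # the header is only honoured on HTTPS responses
        max_age, include_sub = None, False
        for directive in header.split(";"):
            name, _, value = directive.strip().partition("=")
            name = name.strip().lower()
            if name == "max-age":
                try:
                    max_age = int(value.strip().strip('"'))
                except ValueError:
                    return False  # malformed max-age: ignore the header
            elif name == "includesubdomains":
                include_sub = True
        if max_age is None:
            return False  # max-age is required
        host = host.lower()
        if max_age == 0:
            return self.policies.pop(host, None) is not None  # clears policy
        self.policies[host] = (self.now() + max_age, include_sub)
        return True

    def is_known(self, host):
        """Is host (or a parent with includeSubDomains) under an unexpired policy?"""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.policies.get(".".join(labels[i:]))
            if entry and entry[0] > self.now() and (i == 0 or entry[1]):
                return True
        return False

    def rewrite(self, url):
        """Upgrade an http:// URL to https:// before any request is sent."""
        p = urlsplit(url)
        if p.scheme != "http" or not self.is_known(p.hostname or ""):
            return url  # trust on first use: unknown hosts are not upgraded
        netloc = p.hostname if p.port in (None, 80) else p.netloc
        return urlunsplit(("https", netloc, p.path, p.query, p.fragment))
```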

OWASP Appsec Tutorial Series - Episode 4: Strict Transport Security

The fourth episode in the OWASP Appsec Tutorial Series. This episode describes the importance of using HTTPS for all sensitive communication, and how the HTTP Strict Transport Security header can be used to ensure greater security, by transforming all HTTP links to HTTPS automatically in th

From playlist OWASP Appsec Tutorial Series

Transport Layer Security: Part 2 - TLS & HTTPS

Fundamental concepts of TLS are discussed. SSL is analyzed. HTTPS & SSH are presented.

From playlist Network Security

Transport Layer Security: Part 1

Fundamental concepts of TLS are discussed. SSL is analyzed. HTTPS & SSH are presented.

From playlist Network Security

Internet Safety

If you are interested in learning more about this topic, please visit http://www.gcflearnfree.org/ to view the entire tutorial on our website. It includes instructional text, informational graphics, examples, and even interactives for you to practice and apply what you've learned.

From playlist The Internet

HITB SecConf 2009 Malaysia: Freeing Sisyphus: Declaratively Addressing Web Security Issues 3/5

Clip 3/5 Speaker: Lucas Adamski (Director, Security Engineering, Mozilla Corp) Another security conference, and another batch of cross-site scripting, cross-site request forgery, phishing and SSL man-in-the-middle talks. Sometimes these issues are design or implementation flaws in the

From playlist Hack In The Box Malaysia 2009

Black Hat USA 2010: State of SSL on the Internet: 2010 Survey Results and Conclusions 4/4

Speaker: Ivan Ristic SSL (TLS) is the technology that protects the Internet, but very little is actually known about its usage in real-life. How are the many Internet SSL servers configured? Which CA certificates do they use? Which protocols and cipher suites are supported? Answers to eve

From playlist BH USA 2010 - BIG PICTURE

Ruby Midwest 2013 Rails Application Security in Practice by Bryan Helmkamp

Out of the box, Rails does its best to help you secure your app. Unfortunately, without consistent application of secure development principles, practices and tools, it's just a matter of time before vulnerabilities creep in. The best time to start locking down your app is now, not after your

From playlist Ruby Midwest 2013

Headers for Hackers: Wrangling HTTP Like a Pro

HTTP has been gradually adding lots of new and exotic headers, and more are on the way. Learn about current best practices with Vary, Link, Content-Security-Policy, Referrer-Policy, Client-Hints, Clear-Site-Data and Alt-Svc, upcoming features such as Feature-Policy and proposals like Varia

From playlist Web Development

Internet Safety: Your Browser's Security Features

In this video, you’ll learn more about your browser's security features. Visit https://www.gcflearnfree.org/internetsafety/your-browsers-security-features/1/ for our text-based lesson. This video includes information on: • Using browser security to check web addresses and identify securit

From playlist Internet Tips

Ethical Hacking Tutorial | How To Perform Reconnaissance | Session 03 | #cybersecurity

Don’t forget to subscribe! In this ethical hacking tutorial, you will learn to perform reconnaissance. Reconnaissance is the First Step in Ethical Hacking and if you have correct data about the target, you will probably be able to hack it. This project series will guide you to perform r

From playlist Perform Reconnaissance

How Engineers Construct Cruise Ships [4K] | Extreme Constructions | Spark

315 meters long, 65 meters high, weighing 80,000 tonnes and capable of transporting more than 7,000 people, the Meraviglia is the ultimate cruise ship. But how was she built? We followed her development at the St. Nazaire construction site, a building ground for the world's biggest vessel

From playlist 4K Science Documentaries

Black Hat USA 2010: Hadoop Security Design - Just Add Kerberos - Really 1/2

Speaker: Andrew Becherer Distributed computing is alive and well in 2010. The Hadoop project is carrying the banner for open source distributed computing with its Hadoop Distributed File System and MapReduce engine. Hadoop is in use at many of the world's largest online media companies

From playlist BH USA 2010 - TURBO

Web Security 2019

20 years of web cryptography, and it's amazing how frequently it's configured sub-optimally. We've had numerous encryption algorithms, digests and protocols come, and they should have GONE, but everyone has just left them on. It's time to shut out the legacy browser. The vast majority of the world's b

From playlist Security

Stanford Webinar - Leadership Competencies for Air Transport Professionals

Stanford-IATA Aviation Management certificate program webinar covering five critical competencies for working in the aviation industry. Info: http://aviation.stanford.edu/ In today's fast-paced, global environment, all leaders of teams in air transport ranging from frontlines, new and sen

From playlist Leadership & Management

Related pages

Public key certificate | HTTP Strict Transport Security | Man-in-the-middle attack