HSTS Preload as an Attack Vector - Best not to place too much Trust in your Webmaster

Main Author: Marc Ruef
Format: Article eJournal
Language: eng
Published: 2019
Subjects:
Online Access: https://zenodo.org/record/3521982
Table of Contents:
  • HSTS, or HTTP Strict Transport Security, is a security policy mechanism. Using the corresponding HTTP header, web servers can tell web browsers which access method to use. This requires that a web browser first manually access the HTTPS version of the page. With HSTS preload established, you can skip this intermediate step. Webmasters, web server admins and proxy admins can use their privileges to control use of internal services.
  • This paper was written in 2019 as part of a research project at scip AG, Switzerland. It was initially published online at https://www.scip.ch/en/?labs.20190404 and is available in English and German. Providing our clients with innovative research for the information technology of the future is an essential part of our company culture.