Thursday, May 18, 2017

Man in the Middle Attack (MitM) Troy Hunt webinar

Great talk. It explained why companies need to plan to use HTTPS (HTTPS and TLS are used interchangeably here :))


  • MitM attack from the router, ISP.
  • Content injection on an insecure page (HTTP)
  • HTTP/2 works with TLS. The H2 protocol loads resources very fast (httpvshttps.com)
  • All major browsers are planning to show a "Not secure" warning on form fields, which will scare end customers away from using the website.
  • chrome://flags/ - you can change settings to explicitly show when a connection is not secure
  • Trust on First Use (TOFU) problem
  • Add the HSTS secure header: set the max age, include subdomains, and preload
  • hstspreload.org - register the domain for HSTS preloading; refer to the submission requirements
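
The header settings in the last two bullets can be checked mechanically. This is an added example, not code from the webinar or this post: it parses a `Strict-Transport-Security` value and lists what would keep it from meeting the header part of the hstspreload.org submission requirements. The function names are hypothetical, and the one-year minimum `max-age` is the value those requirements state, so confirm it against the site.

```python
# Added example: audit a Strict-Transport-Security header value.
import re

MIN_PRELOAD_MAX_AGE = 31536000  # one year in seconds (preload-list minimum)

def parse_hsts(value):
    """Parse an HSTS header value into (max_age, include_subdomains, preload).

    Raises ValueError on a missing, duplicated or malformed max-age.
    """
    max_age = None
    include_subdomains = preload = False
    for raw in value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, arg = directive.partition("=")
        name = name.strip().lower()   # directive names are case-insensitive
        arg = arg.strip().strip('"')  # the max-age value may be quoted
        if name == "max-age":
            if max_age is not None or not re.fullmatch(r"[0-9]+", arg):
                raise ValueError("bad or duplicate max-age: %r" % directive)
            max_age = int(arg)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
        # Unknown directives are ignored, as RFC 6797 requires.
    if max_age is None:
        raise ValueError("max-age is required")
    return max_age, include_subdomains, preload

def preload_problems(value):
    """Return the reasons a header value would not qualify for preloading."""
    try:
        max_age, subs, preload = parse_hsts(value)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if max_age < MIN_PRELOAD_MAX_AGE:
        problems.append("max-age below one year")
    if not subs:
        problems.append("includeSubDomains missing")
    if not preload:
        problems.append("preload missing")
    return problems
```

An empty list from `preload_problems` covers only the header itself; the certificate, redirect and subdomain requirements still have to be verified against the live site.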

