In the previous article, we discussed the HSTS protocol and its benefits. We strongly recommend reading it before you proceed.
Now that you understand and appreciate the usefulness of HSTS, in this post we will talk about implementing the HSTS protocol on your websites and APIs.
To refresh our memory, the definition of HSTS is as follows:
HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.
As per the HSTS RFC, the syntax of the header is
Using the HTTPS protocol is considered best practice for securing communication over a network. But is it really effective? It turns out the answer is NO!
The HTTPS protocol was originally created to serve the following purposes:
Unfortunately, although the protocol itself was sound, a man-in-the-middle attack was still possible through SSL stripping. In SSL stripping, an attacker forces the browser to connect to a website over plain HTTP so that the communication can be intercepted and modified.
As you must have guessed, the problem doesn’t lie with the…
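The HSTS header whose syntax the first post refers to, and the SSL-stripping defence the second post describes, as an added example that is not code from the original posts: a small Python checker that parses a Strict-Transport-Security value according to RFC 6797 and flags weak settings. The one-year minimum and the includeSubDomains requirement are the browser preload list's submission rules; the function names are my own.

```python
import re

# One year in seconds: the minimum max-age the browser preload list accepts.
PRELOAD_MIN_MAX_AGE = 31_536_000

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797): ';'-separated,
    case-insensitive directives, optional quotes, none repeated; unknown
    directives are ignored. Returns (policy dict, list of syntax problems)."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    problems, seen = [], set()
    for raw in value.split(";"):
        if not raw.strip():
            continue
        name, _, val = raw.partition("=")
        name, val = name.strip().lower(), val.strip().strip('"')
        if name in seen:  # RFC 6797: a directive must appear only once
            problems.append(f"directive repeated: {name}")
            continue
        seen.add(name)
        if name == "max-age":
            if re.fullmatch(r"\d+", val):
                policy["max_age"] = int(val)
            else:
                problems.append(f"max-age is not a non-negative integer: {val!r}")
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    if "max-age" not in seen:  # max-age is the only mandatory directive
        problems.append("max-age directive is missing")
    return policy, problems

def check_hsts(value):
    """Defender-side review of a header value; an empty list means the policy
    is well formed and strong enough for preload-list submission."""
    policy, findings = parse_hsts(value)
    max_age = policy["max_age"]
    if max_age == 0:
        findings.append("max-age=0 makes browsers forget the policy")
    elif max_age is not None and max_age < PRELOAD_MIN_MAX_AGE:
        findings.append("max-age shorter than one year (preload minimum)")
    if policy["preload"] and not policy["include_subdomains"]:
        findings.append("preload requires includeSubDomains")
    return findings

if __name__ == "__main__":  # constructed sample values, not from a real site
    for sample in ("max-age=31536000; includeSubDomains; preload", "max-age=3600; preload"):
        print(f"{sample!r}: {check_hsts(sample) or 'OK'}")
```

Browsers only honour this header when it arrives over HTTPS, so the check above is meant to run against the response of the HTTPS endpoint, not the HTTP redirect.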
Within the infosec and SecOps community, NVD is a well-known entity, but we realised that outside of it few people are aware of its existence.
So what is it exactly?
NVD stands for National Vulnerability Database. It is one of the largest collections of vulnerabilities reported by software vendors and security researchers all over the world. Thousands of IT security teams and enterprises use this data source for the vulnerability management, security and compliance of their tech stacks.
Identifying top 1% Vulnerabilities in enterprise tech stack