We mentioned before how we switched to SSL in 2017.
I want to add here how to set HSTS to prevent a well-known SSL attack called SSL Strip.
- What is SSL Strip?
You can watch the full talk to understand in detail how this works here.
Basically the attacker is somehow (we don’t care how) a MITM sitting between the victim and the authentic server.
The attacker in this case can do a downgrade attack on SSL and turn all HTTPS connections into plain text HTTP connections.
Now the attacker can simply sniff all data being communicated between the victim and the server.
The attacker is also free now to change the data and execute other attacks such as injecting malware into the traffic.
- What is HSTS?
HSTS or HTTP Strict Transport Security allows web servers to declare that web b...
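To make the defence concrete, here is an added example (not code from the original post) that models what an HSTS-aware browser does: it parses the `Strict-Transport-Security` header, stores the policy only when it arrived over HTTPS, and upgrades any later `http://` URL for that host to `https://` before the request leaves the client. That client-side upgrade is what removes the plaintext hop an SSL Strip attacker relies on. The host names and header values are constructed for illustration and are assumptions, not values from the post.

```python
import time
from urllib.parse import urlsplit, urlunsplit

# Constructed sample of the header a server sends on its HTTPS responses.
# Directive names follow RFC 6797; the values are assumptions for this example.
SAMPLE_HEADER = "max-age=31536000; includeSubDomains; preload"


def parse_hsts(header_value):
    """Parse a Strict-Transport-Security header value.

    Returns {"max_age": int, "include_subdomains": bool, "preload": bool},
    or None when the header is malformed (max-age missing or not numeric),
    in which case a client must ignore the header entirely.
    """
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in header_value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit():
                return None
            policy["max_age"] = int(value)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    if policy["max_age"] is None:
        return None
    return policy


class HstsCache:
    """Minimal model of a browser's HSTS store: host -> (expiry, include_subdomains)."""

    def __init__(self, now=time.time):
        self.now = now  # injectable clock so expiry can be tested
        self.hosts = {}

    def learn(self, host, scheme, header_value):
        """Record a policy from a response. Only honoured over HTTPS: a header
        seen over plain HTTP could have been injected by the same MITM."""
        if scheme != "https":
            return False
        policy = parse_hsts(header_value)
        if policy is None:
            return False
        host = host.lower()
        if policy["max_age"] == 0:
            self.hosts.pop(host, None)  # max-age=0 tells the client to forget the host
            return True
        self.hosts[host] = (self.now() + policy["max_age"], policy["include_subdomains"])
        return True

    def is_known(self, host):
        """True if host (or a parent domain with includeSubDomains) has an unexpired policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            if entry is None:
                continue
            expiry, include_sub = entry
            if expiry <= self.now():
                continue
            if i == 0 or include_sub:
                return True
        return False

    def rewrite(self, url):
        """Upgrade http:// to https:// for known hosts before any request is sent.
        A stripped link therefore never produces a plaintext connection."""
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme != "http" or not self.is_known(host):
            return url
        netloc = host if parts.port in (None, 80) else f"{host}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


def demo():
    """Walk through the stripped-link scenario; returns the URL the client would actually fetch."""
    cache = HstsCache()
    cache.learn("example.com", "http", SAMPLE_HEADER)   # ignored: not a secure transport
    cache.learn("example.com", "https", SAMPLE_HEADER)  # cached: first HTTPS visit
    # Later the MITM hands the victim a stripped http:// link to a subdomain.
    return cache.rewrite("http://login.example.com/account")


if __name__ == "__main__":
    print(demo())
```

The order of events in `demo` is the important caveat: the policy is only learned on a first successful HTTPS visit, so a victim who has never reached the site over HTTPS (or whose policy has expired) is still exposed, which is why the `preload` directive and a long `max-age` matter.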