The Importance of Implementing Strict Transport Security - Pentestmag

Authors: Ronan Dunne & Anthony Caldwell

What you will learn
STS is a relatively straightforward setting to enable.

What you will know
HSTS is a necessary and sufficient protocol for sensitive web traffic.

Introduction
It is clear by now that even....

January 12, 2015
2 Comments
shiva
7 years ago

I am unable to find the HTTP Strict Transport Security (HSTS) option under Passive Scan Rules in the OWASP ZAP tool (version 2.4.3). Could you please let me know how to test HTTP Strict Transport Security (HSTS) through the ZAP tool? Thanks in advance.

blainecarlson
9 years ago

Uh, your remediation steps are wrong…

“3. Use strict transport security (http header). Strict-Transport-Security: max-age=0; includeSubDomains”

should read something like

Strict-Transport-Security: max-age=31536000; includeSubDomains

Note the max-age.
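
An added example, not from the article or from either commenter: a Python check that parses a Strict-Transport-Security header value and reports the max-age=0 problem raised in the comment above. The one-year minimum and the requirement for includeSubDomains are assumptions of this example, and the function names are hypothetical.

```python
import re

ONE_YEAR = 31536000  # seconds; the value suggested in the comment above


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into (max_age, flags)."""
    max_age, flags = None, set()
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        arg = arg.strip().strip('"')         # the value may be a quoted string
        if name == "max-age":
            if max_age is not None or not re.fullmatch(r"\d+", arg):
                raise ValueError("invalid or repeated max-age")
            max_age = int(arg)
        else:
            flags.add(name)
    if max_age is None:
        raise ValueError("max-age is required")
    return max_age, flags


def audit_hsts(value, minimum=ONE_YEAR):
    """Return a list of findings; an empty list means the policy passes."""
    try:
        max_age, flags = parse_hsts(value)
    except ValueError as exc:
        return [f"malformed header: {exc}"]
    findings = []
    if max_age == 0:
        # A zero max-age makes the browser drop its stored HSTS policy.
        findings.append("max-age=0 tells the browser to delete its HSTS entry")
    elif max_age < minimum:  # assumed threshold, adjust to local policy
        findings.append(f"max-age {max_age} is below the {minimum} second minimum")
    if "includesubdomains" not in flags:  # assumed requirement
        findings.append("includeSubDomains is missing")
    return findings


if __name__ == "__main__":
    # Constructed sample values: the header quoted in the comment and its correction.
    for header in ("max-age=0; includeSubDomains",
                   "max-age=31536000; includeSubDomains"):
        print(header, "->", audit_hsts(header) or "ok")
```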
