HSTS - HTTP Strict Transport Security - Protect against SSL Stripping attack - Practical TLS

HSTS (HTTP Strict Transport Security) prevents a site from being accessed over HTTP if it is meant to be accessed via HTTPS. It does this using three directives: Max-Age, IncludeSubDomains, Preload. In this video we discuss the SSL Stripping attack, and discuss how HSTS prevents it. šŸ”‘ More free lessons from the course:    • PracticalĀ TLSĀ -Ā FreeĀ LessonsĀ fromĀ myĀ SSLĀ D...Ā Ā  šŸ” More details about the course: https://classes.pracnet.net/courses/p... šŸ¢ Do you configure or troubleshoot TLS/SSL for work? If so, I'm willing to bet your employer would happily pay for this SSL training. Reach out if you'd like to coordinate an introduction for a bulk license purchase with your company. I'm happy to provide a generous referral bonus =) šŸ’¬ Join Practical Networking Discord https://pracnet.net/discord 00:00 - Typical Browsing - 301 to HTTPS 01:27 - SSL Attack Vector - HTTP to HTTPS redirect 01:48 - SSL Stripping Attack 03:41 - HSTS Explained 04:48 - HSTS Demonstration 06:11 - HSTS includeSubDomains 06:42 - Still Vulnerable on First Visit / HSTS Preload 08:31 - HSTS prevents clicking through browser warnings 09:10 - HSTS directives on one line 09:25 - Summary / Outro šŸ–§ Want to learn how how data moves through a network?    • NetworkingĀ FundamentalsĀ Ā  Since you've made it to the bottom of the Description, here's a $100 off coupon code you can use on the full course =) YT100 #tls #ssl #hsts

TLS Handshake - EVERYTHING that happens when you visit an HTTPS website
ā–¶ļøŽ

TLS Handshake - EVERYTHING that happens when you visit an HTTPS website

FortiGate SSL Inspection & Web Filtering: Live SD-WAN Lab with Real Devices
ā–¶ļøŽ

FortiGate SSL Inspection & Web Filtering: Live SD-WAN Lab with Real Devices

Using NMAP Like a Red Team Operator (OPSEC Matters!)
ā–¶ļøŽ

Using NMAP Like a Red Team Operator (OPSEC Matters!)

Content-Security-Policy: Offensive vs Defensive Tactics
ā–¶ļøŽ

Content-Security-Policy: Offensive vs Defensive Tactics

HTTP Strict Transport Security (HSTS) and TLS Stripping Explained
ā–¶ļøŽ

HTTP Strict Transport Security (HSTS) and TLS Stripping Explained

Passkeys SUCK (here’s why + how I use them)
ā–¶ļøŽ

Passkeys SUCK (here’s why + how I use them)

Don't Hang Up On AI Scammers. Do THIS Instead.
ā–¶ļøŽ

Don't Hang Up On AI Scammers. Do THIS Instead.

HTTPS, SSL, TLS & Certificate Authority Explained
ā–¶ļøŽ

HTTPS, SSL, TLS & Certificate Authority Explained

HTTPS Decryption with Wireshark // Website TLS Decryption
ā–¶ļøŽ

HTTPS Decryption with Wireshark // Website TLS Decryption

What is a DMZ, and why every company has one
ā–¶ļøŽ

What is a DMZ, and why every company has one

PHP Full Course For Beginners | PHP Full Course | PHP Tutorial | Intellipaat
ā–¶ļøŽ

PHP Full Course For Beginners | PHP Full Course | PHP Tutorial | Intellipaat

Network Protocols - ARP, FTP, SMTP, HTTP, SSL, TLS, HTTPS, DNS, DHCP - Networking Fundamentals - L6
ā–¶ļøŽ

Network Protocols - ARP, FTP, SMTP, HTTP, SSL, TLS, HTTPS, DNS, DHCP - Networking Fundamentals - L6

TLS 1.3 Cipher Suites - Here is what CHANGES!
ā–¶ļøŽ

TLS 1.3 Cipher Suites - Here is what CHANGES!

Before You Trash Your Old PC Power Supply... Build This!
ā–¶ļøŽ

Before You Trash Your Old PC Power Supply... Build This!

China Is About To Pop The AI Bubble
ā–¶ļøŽ

China Is About To Pop The AI Bubble

HTTP Secure Headers for Web App Security | CORS, CSP, HSTS and more
ā–¶ļøŽ

HTTP Secure Headers for Web App Security | CORS, CSP, HSTS and more

What is SSL & TLS ?   What is HTTPS ?   What is an SSL VPN? - Practical TLS
ā–¶ļøŽ

What is SSL & TLS ? What is HTTPS ? What is an SSL VPN? - Practical TLS

TLS 1.3 Handshake - many CHANGES from prior versions!
ā–¶ļøŽ

TLS 1.3 Handshake - many CHANGES from prior versions!

Something is jamming GPS over Europe. Here's what we found
ā–¶ļøŽ

Something is jamming GPS over Europe. Here's what we found

DEF CON 33 - Kill List: Hacking an Assassination Site on the Dark Web - Carl Miller, Chris Monteiro
ā–¶ļøŽ

DEF CON 33 - Kill List: Hacking an Assassination Site on the Dark Web - Carl Miller, Chris Monteiro