SlideShare una empresa de Scribd logo

Delivering news securely with HTTPS

Paul Schreiber
Paul Schreiber

Lots of websites — from Wikipedia to Reddit to the Washington Post — are moving towards encrypting all of their web traffic to protect their readers' privacy. We'll talk about what this all means (benefits, downsides) and problems we've encountered moving to HTTPS (and how we solved them).

Tecnología
1 de 109
Descargar para leer sin conexión
Delivering the news over HTTPS
Paul Schreiberpaul.schreiber@fivethirtyeight.com @paulschreiber
15%
http://www.bbc.co.uk/ http://www.bbc.co.uk/persian/ ✔
HTTP1991–2016
HTTP1991–2016
Marking HTTP As Non-Secure We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015. The goal of this proposal is to more clearly display to users that HTTP provides no data security.
Marking HTTP As Non-Secure We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015. The goal of this proposal is to more clearly display to users that HTTP provides no data security.
Deprecating Non-Secure HTTP Today we are announcing our intent to phase out non-secure HTTP. There are two broad elements of this plan: 1. Setting a date after which all new features will be available only to secure websites 2. Gradually phasing out access to browser features for non-secure websites, especially features that pose risks to users’ security and privacy.
Deprecating Non-Secure HTTP Today we are announcing our intent to phase out non-secure HTTP. There are two broad elements of this plan: 1. Setting a date after which all new features will be available only to secure websites 2. Gradually phasing out access to browser features for non-secure websites, especially features that pose risks to users’ security and privacy.
Deprecating Non-Secure HTTP Today we are announcing our intent to phase out non-secure HTTP. There are two broad elements of this plan: 1. Setting a date after which all new features will be available only to secure websites 2. Gradually phasing out access to browser features for non-secure websites, especially features that pose risks to users’ security and privacy.
The HTTPS-Only Standard All browsing activity should be considered private and sensitive. —https.cio.gov
A Call to Action If you run a news site, or any site at all, we’d like to issue a friendly challenge to you. Make a commitment to have your site fully on HTTPS by the end of 2015 and pledge your support with the hashtag #https2015. —Eitan Konigsburg, Rajiv Pant and Elena Kvochko “Embracing HTTPS” November 13, 2014
HTTPS
HTTP
HTTPS
2008 HTTPS is slow
2008 HTTPS is slow 2015 HTTPS is fast
HTTP 2.0
HTTPS
SHA-1
SHA-1
$ sslmate mkconfig
https://mozilla.github.io/ server-side-tls/ ssl-config-generator/
HTTPS enabled
HTTPS enabled HTTPS default
HTTPS enabled HTTPS default HSTS
HTTPS enabled HTTPS default HSTS HSTS preload
content
content 😕
content 🤔
comments
ads
social
analytics
CDNs
fonts
mixedcontent
mixedcontent $ mixed-content-scan
mixedcontent Content-Security-Policy: upgrade-insecure-requests
mixedcontent Content-Security-Policy- Report-Only: default-src https: data: 'self' 'unsafe-inline' 'unsafe- eval'; report-uri: https://myserver.com/log- tool/
NoHTTPS? ask nicely.
NoHTTPS? SoundCite placehold.it
mixedcontent Akamai http://hostname.com → https://a248.e.akamai.net/f/ 12/621/60d/hostname.com
<script src="//google.com/… <script src="https://googl… mixedcontent
<script src="//google.com/… <script src="https://googl… mixedcontent
mixedcontent
Many graphics from The Noun Project Mountains by Chris Cole; Statue of Liberty by John Melven; Tombstone by Jakob Wells; Congress by Martha Ormiston; Shield by Wayne Thayer; Books by Ashley van Dyck; Snail by aLf; carrot by Creative Stall; Geolocation by Alexander Smith; Notification by vijay sekhar; Microphone by Edward Boatman; Video camera by Pham Thi Dieu Linh; Full screen by Garrett Knoll; Rotation by Lemon Liu; speedmeter by Michal Beno; layers by Muhamad Ulum; arrow by Maurizio Pedrazzoli; stick by Blaise Sewell; Server by Yazmin Alanis; SEO by Azis; Money by Nick Levesque; Shopping cart by Patrizia Daidone; Lock with keyhole by Brennan Novak; Scribble by Michael Chanover; Network by Stephen Boak; Hat based on work by Blake Kimmel. ; Warning by Icomatic; Error by Anas Ramadan.

Recomendados

WordCamp US: Delivering the news over HTTPS
WordCamp US: Delivering the news over HTTPSWordCamp US: Delivering the news over HTTPS
WordCamp US: Delivering the news over HTTPSPaul Schreiber
 
Delivering the news over HTTPS
Delivering the news over HTTPSDelivering the news over HTTPS
Delivering the news over HTTPSPaul Schreiber
 
BigWP: Delivering the news over HTTPS
BigWP: Delivering the news over HTTPSBigWP: Delivering the news over HTTPS
BigWP: Delivering the news over HTTPSPaul Schreiber
 
Web Push notifications
Web Push notificationsWeb Push notifications
Web Push notificationsLouis Lagrange
 
Online passwords – understanding "credential stuffing" cyberattack
Online passwords – understanding "credential stuffing" cyberattackOnline passwords – understanding "credential stuffing" cyberattack
Online passwords – understanding "credential stuffing" cyberattackOVHcloud
 
Attacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chainAttacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chainSecuRing
 
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNtxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNorth Texas Chapter of the ISSA
 
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...Nico Meisenzahl
 

Recomendados

WordCamp US: Delivering the news over HTTPS
WordCamp US: Delivering the news over HTTPSWordCamp US: Delivering the news over HTTPS
WordCamp US: Delivering the news over HTTPSPaul Schreiber
 
Delivering the news over HTTPS
Delivering the news over HTTPSDelivering the news over HTTPS
Delivering the news over HTTPSPaul Schreiber
 
BigWP: Delivering the news over HTTPS
BigWP: Delivering the news over HTTPSBigWP: Delivering the news over HTTPS
BigWP: Delivering the news over HTTPSPaul Schreiber
 
Web Push notifications
Web Push notificationsWeb Push notifications
Web Push notificationsLouis Lagrange
 
Online passwords – understanding "credential stuffing" cyberattack
Online passwords – understanding "credential stuffing" cyberattackOnline passwords – understanding "credential stuffing" cyberattack
Online passwords – understanding "credential stuffing" cyberattackOVHcloud
 
Attacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chainAttacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chainSecuRing
 
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNtxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNorth Texas Chapter of the ISSA
 
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...Nico Meisenzahl
 
Factorisationpolynome2 Degre
Factorisationpolynome2 DegreFactorisationpolynome2 Degre
Factorisationpolynome2 Degreatire
 
Recommendation Letter Mike Walters_Signed
Recommendation Letter Mike Walters_SignedRecommendation Letter Mike Walters_Signed
Recommendation Letter Mike Walters_SignedLorraine Lomas
 
Bio/Resume
Bio/ResumeBio/Resume
Bio/Resumesjs1949
 
nFusion Capabilities
nFusion CapabilitiesnFusion Capabilities
nFusion Capabilitiesanne_spradley
 
Dd ey pe 2015 - 2016 2
Dd ey pe 2015 - 2016 2Dd ey pe 2015 - 2016 2
Dd ey pe 2015 - 2016 2Chriztian Mejía
 
AB Minerals - Tantalite Processing Project Presentation - web 2.0
AB Minerals - Tantalite Processing Project Presentation - web 2.0AB Minerals - Tantalite Processing Project Presentation - web 2.0
AB Minerals - Tantalite Processing Project Presentation - web 2.0Nikolas Perrault
 
Voice automator - Automator
Voice automator - AutomatorVoice automator - Automator
Voice automator - AutomatorPrafull Agrawal
 
Vergil's Aeneid 1.87 94 ppt with translation steps
Vergil's Aeneid 1.87 94 ppt with translation stepsVergil's Aeneid 1.87 94 ppt with translation steps
Vergil's Aeneid 1.87 94 ppt with translation stepslatinlovermccarthy
 
Done For You SEO Brand Establisher PowerPoint
Done For You SEO Brand Establisher PowerPoint Done For You SEO Brand Establisher PowerPoint
Done For You SEO Brand Establisher PowerPoint Tahir Khawaja
 
Equation2 Degre
Equation2 DegreEquation2 Degre
Equation2 Degreatire
 
budgeting and scheduling projects
budgeting and scheduling projectsbudgeting and scheduling projects
budgeting and scheduling projectsAhmed Ezz-eldin
 
LaunchIT #2 - Etady
LaunchIT #2 - EtadyLaunchIT #2 - Etady
LaunchIT #2 - EtadyNexus FrontierTech
 
A swimming pool project of junhao hotel(4 star)
A swimming pool project of junhao hotel(4 star)A swimming pool project of junhao hotel(4 star)
A swimming pool project of junhao hotel(4 star)SAMUEL WU
 
Grafico diario del dax perfomance index para el 12 04-2012 (1)
Grafico diario del dax perfomance index para el 12 04-2012 (1)Grafico diario del dax perfomance index para el 12 04-2012 (1)
Grafico diario del dax perfomance index para el 12 04-2012 (1)Experiencia Trading
 
Website Analysis Report : SEO, CRO Website Audit.
Website Analysis Report : SEO, CRO Website Audit.Website Analysis Report : SEO, CRO Website Audit.
Website Analysis Report : SEO, CRO Website Audit.Tarak Turki
 
Revo Property Pay: Accept ePayments Today!
Revo Property Pay: Accept ePayments Today!Revo Property Pay: Accept ePayments Today!
Revo Property Pay: Accept ePayments Today!revopay
 
WPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPSWPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPSPaul Schreiber
 
BrightonSEO Sep 2015 - HTTPS | Mark Thomas
BrightonSEO Sep 2015 - HTTPS | Mark Thomas BrightonSEO Sep 2015 - HTTPS | Mark Thomas
BrightonSEO Sep 2015 - HTTPS | Mark Thomas Anna Morrison
 
Google are pushing HTTPS hard. Why? And​,​ when should you act? by Mark Thoma...
Google are pushing HTTPS hard. Why? And​,​ when should you act? by Mark Thoma...Google are pushing HTTPS hard. Why? And​,​ when should you act? by Mark Thoma...
Google are pushing HTTPS hard. Why? And​,​ when should you act? by Mark Thoma...SEO monitor
 
How to be trusted in 2017
How to be trusted in 2017How to be trusted in 2017
How to be trusted in 2017Zeev Shetach
 
The Future of https in Search
The Future of https in SearchThe Future of https in Search
The Future of https in Searchsemrush_webinars
 
From AMP to PWA
From AMP to PWAFrom AMP to PWA
From AMP to PWAIdo Green
 

Más contenido relacionado

Destacado

Factorisationpolynome2 Degre
Factorisationpolynome2 DegreFactorisationpolynome2 Degre
Factorisationpolynome2 Degreatire
 
Recommendation Letter Mike Walters_Signed
Recommendation Letter Mike Walters_SignedRecommendation Letter Mike Walters_Signed
Recommendation Letter Mike Walters_SignedLorraine Lomas
 
Bio/Resume
Bio/ResumeBio/Resume
Bio/Resumesjs1949
 
nFusion Capabilities
nFusion CapabilitiesnFusion Capabilities
nFusion Capabilitiesanne_spradley
 
AB Minerals - Tantalite Processing Project Presentation - web 2.0
AB Minerals - Tantalite Processing Project Presentation - web 2.0AB Minerals - Tantalite Processing Project Presentation - web 2.0
AB Minerals - Tantalite Processing Project Presentation - web 2.0Nikolas Perrault
 
Voice automator - Automator
Voice automator - AutomatorVoice automator - Automator
Voice automator - AutomatorPrafull Agrawal
 
Vergil's Aeneid 1.87 94 ppt with translation steps
Vergil's Aeneid 1.87 94 ppt with translation stepsVergil's Aeneid 1.87 94 ppt with translation steps
Vergil's Aeneid 1.87 94 ppt with translation stepslatinlovermccarthy
 
Done For You SEO Brand Establisher PowerPoint
Done For You SEO Brand Establisher PowerPoint Done For You SEO Brand Establisher PowerPoint
Done For You SEO Brand Establisher PowerPoint Tahir Khawaja
 
Equation2 Degre
Equation2 DegreEquation2 Degre
Equation2 Degreatire
 
budgeting and scheduling projects
budgeting and scheduling projectsbudgeting and scheduling projects
budgeting and scheduling projectsAhmed Ezz-eldin
 
A swimming pool project of junhao hotel(4 star)
A swimming pool project of junhao hotel(4 star)A swimming pool project of junhao hotel(4 star)
A swimming pool project of junhao hotel(4 star)SAMUEL WU
 
Grafico diario del dax perfomance index para el 12 04-2012 (1)
Grafico diario del dax perfomance index para el 12 04-2012 (1)Grafico diario del dax perfomance index para el 12 04-2012 (1)
Grafico diario del dax perfomance index para el 12 04-2012 (1)Experiencia Trading
 
Website Analysis Report : SEO, CRO Website Audit.
Website Analysis Report : SEO, CRO Website Audit.Website Analysis Report : SEO, CRO Website Audit.
Website Analysis Report : SEO, CRO Website Audit.Tarak Turki
 
Revo Property Pay: Accept ePayments Today!
Revo Property Pay: Accept ePayments Today!Revo Property Pay: Accept ePayments Today!
Revo Property Pay: Accept ePayments Today!revopay
 

Destacado (16)

Factorisationpolynome2 Degre
Factorisationpolynome2 DegreFactorisationpolynome2 Degre
Factorisationpolynome2 Degre
 
Recommendation Letter Mike Walters_Signed
Recommendation Letter Mike Walters_SignedRecommendation Letter Mike Walters_Signed
Recommendation Letter Mike Walters_Signed
 
Bio/Resume
Bio/ResumeBio/Resume
Bio/Resume
 
nFusion Capabilities
nFusion CapabilitiesnFusion Capabilities
nFusion Capabilities
 
Dd ey pe 2015 - 2016 2
Dd ey pe 2015 - 2016 2Dd ey pe 2015 - 2016 2
Dd ey pe 2015 - 2016 2
 
AB Minerals - Tantalite Processing Project Presentation - web 2.0
AB Minerals - Tantalite Processing Project Presentation - web 2.0AB Minerals - Tantalite Processing Project Presentation - web 2.0
AB Minerals - Tantalite Processing Project Presentation - web 2.0
 
Voice automator - Automator
Voice automator - AutomatorVoice automator - Automator
Voice automator - Automator
 
Vergil's Aeneid 1.87 94 ppt with translation steps
Vergil's Aeneid 1.87 94 ppt with translation stepsVergil's Aeneid 1.87 94 ppt with translation steps
Vergil's Aeneid 1.87 94 ppt with translation steps
 
Done For You SEO Brand Establisher PowerPoint
Done For You SEO Brand Establisher PowerPoint Done For You SEO Brand Establisher PowerPoint
Done For You SEO Brand Establisher PowerPoint
 
Equation2 Degre
Equation2 DegreEquation2 Degre
Equation2 Degre
 
budgeting and scheduling projects
budgeting and scheduling projectsbudgeting and scheduling projects
budgeting and scheduling projects
 
LaunchIT #2 - Etady
LaunchIT #2 - EtadyLaunchIT #2 - Etady
LaunchIT #2 - Etady
 
A swimming pool project of junhao hotel(4 star)
A swimming pool project of junhao hotel(4 star)A swimming pool project of junhao hotel(4 star)
A swimming pool project of junhao hotel(4 star)
 
Grafico diario del dax perfomance index para el 12 04-2012 (1)
Grafico diario del dax perfomance index para el 12 04-2012 (1)Grafico diario del dax perfomance index para el 12 04-2012 (1)
Grafico diario del dax perfomance index para el 12 04-2012 (1)
 
Website Analysis Report : SEO, CRO Website Audit.
Website Analysis Report : SEO, CRO Website Audit.Website Analysis Report : SEO, CRO Website Audit.
Website Analysis Report : SEO, CRO Website Audit.
 
Revo Property Pay: Accept ePayments Today!
Revo Property Pay: Accept ePayments Today!Revo Property Pay: Accept ePayments Today!
Revo Property Pay: Accept ePayments Today!
 

Similar a Delivering news securely with HTTPS

WPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPSWPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPSPaul Schreiber
 
BrightonSEO Sep 2015 - HTTPS | Mark Thomas
BrightonSEO Sep 2015 - HTTPS | Mark Thomas BrightonSEO Sep 2015 - HTTPS | Mark Thomas
BrightonSEO Sep 2015 - HTTPS | Mark Thomas Anna Morrison
 
Google are pushing HTTPS hard. Why? And​,​ when should you act? by Mark Thoma...
Google are pushing HTTPS hard. Why? And​,​ when should you act? by Mark Thoma...Google are pushing HTTPS hard. Why? And​,​ when should you act? by Mark Thoma...
Google are pushing HTTPS hard. Why? And​,​ when should you act? by Mark Thoma...SEO monitor
 
How to be trusted in 2017
How to be trusted in 2017How to be trusted in 2017
How to be trusted in 2017Zeev Shetach
 
The Future of https in Search
The Future of https in SearchThe Future of https in Search
The Future of https in Searchsemrush_webinars
 
From AMP to PWA
From AMP to PWAFrom AMP to PWA
From AMP to PWAIdo Green
 
HTTP_Header_Security.pdf
HTTP_Header_Security.pdfHTTP_Header_Security.pdf
HTTP_Header_Security.pdfksudhakarreddy5
 
What you need to know about Google Chrome 56?
What you need to know about Google Chrome 56?What you need to know about Google Chrome 56?
What you need to know about Google Chrome 56?The SSL Store™
 
Google Chrome 56 What You Need to Know?
Google Chrome 56 What You Need to Know?Google Chrome 56 What You Need to Know?
Google Chrome 56 What You Need to Know?RapidSSLOnline.com
 
The State of HTTPS In Search
The State of HTTPS In SearchThe State of HTTPS In Search
The State of HTTPS In SearchSemrush
 
SEO Considerations When Migrating to HTTPS by Kenneth Sytian
SEO Considerations When Migrating to HTTPS by Kenneth SytianSEO Considerations When Migrating to HTTPS by Kenneth Sytian
SEO Considerations When Migrating to HTTPS by Kenneth SytianGlen Dimaandal
 
SEO benefits | ssl certificate | Learn SEO
SEO benefits | ssl certificate | Learn SEOSEO benefits | ssl certificate | Learn SEO
SEO benefits | ssl certificate | Learn SEOdevbhargav1
 
Rails security: above and beyond the defaults
Rails security: above and beyond the defaultsRails security: above and beyond the defaults
Rails security: above and beyond the defaultsMatias Korhonen
 
Securing the client side web
Securing the client side webSecuring the client side web
Securing the client side webSC5.io
 
Crypto workshop part 1 - Web and Crypto
Crypto workshop part 1 - Web and CryptoCrypto workshop part 1 - Web and Crypto
Crypto workshop part 1 - Web and Cryptohannob
 
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS TodayCreating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS TodayHeroku
 
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)Guy Podjarny
 
HTTPS Site Migration | SearchLondon
HTTPS Site Migration | SearchLondonHTTPS Site Migration | SearchLondon
HTTPS Site Migration | SearchLondonBuiltvisible
 
State of Securing Restful APIs s12gx2015
State of Securing Restful APIs s12gx2015State of Securing Restful APIs s12gx2015
State of Securing Restful APIs s12gx2015robwinch
 
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...Peter LaFond
 

Similar a Delivering news securely with HTTPS (20)

WPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPSWPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPS
 
BrightonSEO Sep 2015 - HTTPS | Mark Thomas
BrightonSEO Sep 2015 - HTTPS | Mark Thomas BrightonSEO Sep 2015 - HTTPS | Mark Thomas
BrightonSEO Sep 2015 - HTTPS | Mark Thomas
 
Google are pushing HTTPS hard. Why? And​,​ when should you act? by Mark Thoma...
Google are pushing HTTPS hard. Why? And​,​ when should you act? by Mark Thoma...Google are pushing HTTPS hard. Why? And​,​ when should you act? by Mark Thoma...
Google are pushing HTTPS hard. Why? And​,​ when should you act? by Mark Thoma...
 
How to be trusted in 2017
How to be trusted in 2017How to be trusted in 2017
How to be trusted in 2017
 
The Future of https in Search
The Future of https in SearchThe Future of https in Search
The Future of https in Search
 
From AMP to PWA
From AMP to PWAFrom AMP to PWA
From AMP to PWA
 
HTTP_Header_Security.pdf
HTTP_Header_Security.pdfHTTP_Header_Security.pdf
HTTP_Header_Security.pdf
 
What you need to know about Google Chrome 56?
What you need to know about Google Chrome 56?What you need to know about Google Chrome 56?
What you need to know about Google Chrome 56?
 
Google Chrome 56 What You Need to Know?
Google Chrome 56 What You Need to Know?Google Chrome 56 What You Need to Know?
Google Chrome 56 What You Need to Know?
 
The State of HTTPS In Search
The State of HTTPS In SearchThe State of HTTPS In Search
The State of HTTPS In Search
 
SEO Considerations When Migrating to HTTPS by Kenneth Sytian
SEO Considerations When Migrating to HTTPS by Kenneth SytianSEO Considerations When Migrating to HTTPS by Kenneth Sytian
SEO Considerations When Migrating to HTTPS by Kenneth Sytian
 
SEO benefits | ssl certificate | Learn SEO
SEO benefits | ssl certificate | Learn SEOSEO benefits | ssl certificate | Learn SEO
SEO benefits | ssl certificate | Learn SEO
 
Rails security: above and beyond the defaults
Rails security: above and beyond the defaultsRails security: above and beyond the defaults
Rails security: above and beyond the defaults
 
Securing the client side web
Securing the client side webSecuring the client side web
Securing the client side web
 
Crypto workshop part 1 - Web and Crypto
Crypto workshop part 1 - Web and CryptoCrypto workshop part 1 - Web and Crypto
Crypto workshop part 1 - Web and Crypto
 
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS TodayCreating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
 
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
 
HTTPS Site Migration | SearchLondon
HTTPS Site Migration | SearchLondonHTTPS Site Migration | SearchLondon
HTTPS Site Migration | SearchLondon
 
State of Securing Restful APIs s12gx2015
State of Securing Restful APIs s12gx2015State of Securing Restful APIs s12gx2015
State of Securing Restful APIs s12gx2015
 
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
 

Más de Paul Schreiber

Brooklyn Soloists: personal digital security
Brooklyn Soloists: personal digital securityBrooklyn Soloists: personal digital security
Brooklyn Soloists: personal digital securityPaul Schreiber
 
CreativeMornings FieldTrip: information security for creative folks
CreativeMornings FieldTrip: information security for creative folksCreativeMornings FieldTrip: information security for creative folks
CreativeMornings FieldTrip: information security for creative folksPaul Schreiber
 
WordCamp for Publishers: Security for Newsrooms
WordCamp for Publishers: Security for NewsroomsWordCamp for Publishers: Security for Newsrooms
WordCamp for Publishers: Security for NewsroomsPaul Schreiber
 
VIP Workshop: Effective Habits of Development Teams
VIP Workshop: Effective Habits of Development TeamsVIP Workshop: Effective Habits of Development Teams
VIP Workshop: Effective Habits of Development TeamsPaul Schreiber
 
WordPress NYC: Information Security
WordPress NYC: Information SecurityWordPress NYC: Information Security
WordPress NYC: Information SecurityPaul Schreiber
 
Web Scraping with Python
Web Scraping with PythonWeb Scraping with Python
Web Scraping with PythonPaul Schreiber
 
D'oh! Avoid annoyances with Grunt.
D'oh! Avoid annoyances with Grunt.D'oh! Avoid annoyances with Grunt.
D'oh! Avoid annoyances with Grunt.Paul Schreiber
 
Getting to Consistency
Getting to ConsistencyGetting to Consistency
Getting to ConsistencyPaul Schreiber
 
EqualityCamp: Lessons learned from the Obama Campaign
EqualityCamp: Lessons learned from the Obama CampaignEqualityCamp: Lessons learned from the Obama Campaign
EqualityCamp: Lessons learned from the Obama CampaignPaul Schreiber
 

Más de Paul Schreiber (14)

Brooklyn Soloists: personal digital security
Brooklyn Soloists: personal digital securityBrooklyn Soloists: personal digital security
Brooklyn Soloists: personal digital security
 
BigWP live blogs
BigWP live blogsBigWP live blogs
BigWP live blogs
 
CreativeMornings FieldTrip: information security for creative folks
CreativeMornings FieldTrip: information security for creative folksCreativeMornings FieldTrip: information security for creative folks
CreativeMornings FieldTrip: information security for creative folks
 
WordCamp for Publishers: Security for Newsrooms
WordCamp for Publishers: Security for NewsroomsWordCamp for Publishers: Security for Newsrooms
WordCamp for Publishers: Security for Newsrooms
 
VIP Workshop: Effective Habits of Development Teams
VIP Workshop: Effective Habits of Development TeamsVIP Workshop: Effective Habits of Development Teams
VIP Workshop: Effective Habits of Development Teams
 
BigWP Security Keys
BigWP Security KeysBigWP Security Keys
BigWP Security Keys
 
WordPress NYC: Information Security
WordPress NYC: Information SecurityWordPress NYC: Information Security
WordPress NYC: Information Security
 
Web Scraping with Python
Web Scraping with PythonWeb Scraping with Python
Web Scraping with Python
 
D'oh! Avoid annoyances with Grunt.
D'oh! Avoid annoyances with Grunt.D'oh! Avoid annoyances with Grunt.
D'oh! Avoid annoyances with Grunt.
 
Getting to Consistency
Getting to ConsistencyGetting to Consistency
Getting to Consistency
 
Junk Mail
Junk MailJunk Mail
Junk Mail
 
EqualityCamp: Lessons learned from the Obama Campaign
EqualityCamp: Lessons learned from the Obama CampaignEqualityCamp: Lessons learned from the Obama Campaign
EqualityCamp: Lessons learned from the Obama Campaign
 
Mac Productivity 101
Mac Productivity 101Mac Productivity 101
Mac Productivity 101
 
How NOT to rent a car
How NOT to rent a carHow NOT to rent a car
How NOT to rent a car
 

Último

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Último (20)

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 

Delivering news securely with HTTPS