HSTS - HTTP Strict Transport Security - Protect against SSL Stripping attack - Practical TLS

Video Description

HSTS (HTTP Strict Transport Security) prevents a site from being accessed over HTTP if it is meant to be accessed via HTTPS. It does this using three directives: Max-Age, IncludeSubDomains, Preload. In this video we discuss the SSL Stripping attack, and discuss how HSTS prevents it. 🔑 More free lessons from the course: https://www.youtube.com/playlist?list=PLIFyRwBY_4bTwRX__Zn4-letrtpSj1mzY 🔐 More details about the course: https://classes.pracnet.net/courses/practical-tls 🏢 Do you configure or troubleshoot TLS/SSL for work? If so, I'm willing to bet your employer would happily pay for this SSL training. Reach out if you'd like to coordinate an introduction for a bulk license purchase with your company. I'm happy to provide a generous referral bonus =) 💬 Join Practical Networking Discord https://pracnet.net/discord 00:00 - Typical Browsing - 301 to HTTPS 01:27 - SSL Attack Vector - HTTP to HTTPS redirect 01:48 - SSL Stripping Attack 03:41 - HSTS Explained 04:48 - HSTS Demonstration 06:11 - HSTS includeSubDomains 06:42 - Still Vulnerable on First Visit / HSTS Preload 08:31 - HSTS prevents clicking through browser warnings 09:10 - HSTS directives on one line 09:25 - Summary / Outro 🖧 Want to learn how how data moves through a network? https://www.youtube.com/playlist?list=PLIFyRwBY_4bRLmKfP1KnZA6rZbRHtxmXi Since you've made it to the bottom of the Description, here's a $100 off coupon code you can use on the full course =) YT100 #tls #ssl #hsts