MyDevSecOps ©2019 POWERED BY SNYK

The MyDevSecOps community is powered by Snyk Ltd. Our aim is to create a vendor-neutral space to share knowledge and best practices related to software security.


From Zero to Hero, Deploying HTTPS the quick and easy way

With the increasing requirement to secure communications online, we’re going to look at how to quickly and easily get started with HTTPS. We’ll take a website from HTTP to HTTPS, including obtaining a certificate and configuring TLS, all within an hour! On top of our deployment of HTTPS, we’ll look at modern application defences that can assist us in providing a secure browsing experience to our users. Content Security Policy, Upgrade Insecure Requests and HTTP Strict Transport Security are all features that modern applications should leverage, so we’ll be setting those up too. The securityheaders.com and ssllabs.com security analysers are canonical resources for their respective areas, and we’re going to achieve an A+ grade on both of them.



Resources mentioned in this session:


Blog: https://scotthelme.co.uk/

Twitter: https://twitter.com/Scott_Helme


SSL Labs: https://www.ssllabs.com/ssltest/

Security Headers: https://securityheaders.com/

Let's Encrypt: https://letsencrypt.org/


ACME Tools/Clients

ACME Tiny: https://github.com/diafygi/acme-tiny

CertBot: https://certbot.eff.org/

ACME.sh: https://github.com/Neilpang/acme.sh


Mozilla Config Generator: https://ssl-config.mozilla.org/

Crawler data: https://crawler.ninja/files/sts-sites.txt

Support checker: https://caniuse.com/


Certificate Transparency

Intro post: https://scotthelme.co.uk/certificate-transparency-an-introduction/

Monitoring: https://scotthelme.co.uk/announcing-ct-monitoring-for-report-uri/

crt.sh: https://crt.sh/

Censys: https://censys.io/certificates


Scott Helme

Hacker, researcher, builder of things. Founded securityheaders.com and report-uri.com, Pluralsight author, BBC hacker in residence, award winning entrepreneur. Find me at scotthelme.co.uk

