HTTP Strict Transport Security (HSTS) and TLS Stripping Explained

HSTS, or HTTP Strict Transport Security, is a mechanism that forces clients to communicate with a web server over HTTPS when both sides support the protocol.

In this video, I want to go through why this policy was created.

* SSL Stripping 1:00 (researched by Moxie Marlinspike)
* HSTS 4:50
* How HSTS prevents SSL Stripping 7:50
* HSTS Limitation 11:00

Resources

The reason I'm making this video is to make a video on this

SSL Stripping

🏭 Software Architecture Videos

💾 Database Engineering Videos

🛰 Network Engineering Videos

🏰 Load Balancing and Proxies Videos

🐘 Postgres Videos

🚢 Docker

🧮 Programming Pattern Videos

🛡 Web Security Videos

🦠 HTTP Videos

🐍 Python Videos

🔆 Javascript Videos

Support me on PayPal

Become a Patreon

Stay Awesome,
Hussein
Comments

I was in an interview this morning, and all we discussed was HSTS and SSL. I must say all cyber security folks should be aware of your channel. If I had watched this video earlier, I would have rocked the interview. Great videos mate!!

Keep up the good work!!
You are making the world a better place.

puneetkulkarni

Fantastic video. As a professional software engineer, I appreciate having these concise videos on security to reference when I forget about concepts (particularly in security).
Seeing as you're a software engineer as well, I would appreciate more videos on cybersecurity from a software engineering perspective, e.g. how to properly secure Docker containers, tips on securing my Nginx server that's facing the public Internet, etc.

s

This guy must be really fun to interact with. Great explainer!

Girry_

SSL stripping was a great example to start with, which explains why we need HSTS in the first place. Awesome video, thank you!

veerendrasaikumar

Your videos are very addictive :) IMO 80% of tech videos on YT are garbage, another 15% are good and the last 5% are outstanding. Your videos are definitely in that 5%. Keep up the good work sir!

binaryblog

Really good explanation. After going through the video, I was able to understand for the first time how HSTS works and how a MITM attack works, which I wasn't able to understand after looking at other people's videos.

harshgupta

Sir, I found your channel today, I have an exam tomorrow and you helped me. You are talented at explaining, thank you so much! +1 sub

MM-byqq

I just checked this channel content after seeing this video. This channel is super amazing 💥💥.

fb_a

Brilliant Hussein! Keep up the good work. As @binaryblog said, your videos are very addictive because they explain things in detail with no doubts, hence making them very catchy.

zaheerkhan

Keep up the good work Hussein. I am learning a lot from your videos. Cheers!

jatinjindalj

Great video with a clear explanation, 10/10. Thank you for making this!

codyj

Neat and clear! Really informative, thank you sir!

tommasocanepa

This is a really cool video. I always heard this term bounce around in office, now I know what it

anshikagupta

Great videos. Looking forward to some videos on VPN security related issues and the mitigations around them.

Deekudla

Great video! Quick question: regarding HTTPS interception attacks, what would be the best solution, HSTS or certificate pinning? Thanks

hessamzahedi

love this content. Very authentic and informative.

jlai

Let's say you create a new website and a client connects to that website for the first time. Does it mean that for the first connection the client will make an HTTP request first and then switch to HTTPS? And after the website has been added to the HSTS list, will all types of web browsers for every client across the world have that updated list, or will it just affect the client that connected to that website?

Rocky-gi

I don't understand why the user agent/browser does not always just try to connect over HTTPS regardless, to see if it exists first.

brod

When I type my bank's official address with https, it goes first to http, shows an insecure connection, and then redirects to https. I find that very disturbing and strange. Why does that happen? Is it because they registered their DNS with http first? I'm using Google DNS.

fxstreamer

SSL stripping is not really what you said. It's when the client sends a request as HTTPS but the attacker in the middle downgrades it, saying that the server only uses HTTP. In the case that you mentioned, the user initially sends HTTP, which is simple for the attacker: no need for stripping, he will respond instead of the server with an HTTP response. But thanks for the explanation.

neadlead