IMPORTANT: You must use Helmet version 3.2.0 to pass this test!
We can protect our sites against protocol downgrade attacks by setting a header which tells browsers to refuse connections not secured through HTTPS.
Link to Challenge : https://www.freecodecamp.org/learn/in...
Written Guide: https://www.notion.so/ganeshh123/Ask-...
Full Playlist for this course : • Information Security with HelmetJS - ...
All Written Guides for this course : https://www.notion.so/ganeshh123/8ba8...
All My Tutorials can be found at : https://www.notion.so/Tutorials-Ganes...
00:00 - Introduction
00:03 - Protocol Downgrade Attack
A downgrade attack or version rollback attack is a form of cryptographic attack on a computer system or communications protocol that makes it abandon a high-quality mode of operation (e.g. an encrypted connection) in favor of an older, lower-quality mode of operation (e.g. cleartext) that is typically provided for backward compatibility with older systems.
https://en.wikipedia.org/wiki/Downgra...
00:16 - Example
02:07 - Strict-Transport-Security Header
The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) lets a web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP.
https://developer.mozilla.org/en-US/d...
02:35 - Use Helmet version 3.2.0
03:50 - Setting the Header - helmet.hsts()
helmet.hsts sets the Strict-Transport-Security header which tells browsers to prefer HTTPS over insecure HTTP.
https://github.com/helmetjs/helmet/tr...
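The following is an added example, not code from the video or from the helmet project: a minimal Express-style middleware that builds and sets the Strict-Transport-Security header the way the description above says helmet.hsts() does. The option names used here (maxAge in seconds, includeSubDomains, preload, force) are assumptions modelled on helmet's, so check them against the documentation of the helmet version you install. Browsers ignore an HSTS header received over plain HTTP, so the middleware only emits it on a secure request unless `force` is set, which is the case behind a TLS-terminating proxy. The fake request/response objects are constructed so the example runs offline without Express or helmet.

```javascript
'use strict';

// Build the header value. maxAge is a number of seconds; 90 days is a common
// starting policy. includeSubDomains covers subdomains, preload opts in to the
// browser preload list (only set it once you are sure every host is HTTPS-only).
function buildHstsValue({ maxAge = 90 * 24 * 60 * 60, includeSubDomains = true, preload = false } = {}) {
  if (!Number.isInteger(maxAge) || maxAge < 0) {
    throw new TypeError('maxAge must be a non-negative integer number of seconds');
  }
  let value = `max-age=${maxAge}`;
  if (includeSubDomains) value += '; includeSubDomains';
  if (preload) value += '; preload';
  return value;
}

// Middleware factory (assumed option names, see lead-in). The header is only
// sent when the request arrived over TLS, either directly (req.secure) or via
// a proxy that forwards X-Forwarded-Proto, or unconditionally when force=true.
function hsts(options = {}) {
  const value = buildHstsValue(options);
  return function hstsMiddleware(req, res, next) {
    const forwardedProto = String(req.headers['x-forwarded-proto'] || '').split(',')[0].trim();
    const isSecure = req.secure === true || forwardedProto === 'https';
    if (options.force === true || isSecure) {
      res.setHeader('Strict-Transport-Security', value);
    }
    next();
  };
}

// Constructed stand-ins for Express req/res so the example runs without dependencies.
function fakeRequest({ secure = false, headers = {} } = {}) {
  return { secure, headers };
}

function fakeResponse() {
  const headers = {};
  return {
    setHeader: (name, v) => { headers[name.toLowerCase()] = v; },
    getHeader: (name) => headers[name.toLowerCase()],
  };
}

// Run the middleware against one request and return the header it set, or undefined.
function headerFor(options, reqOpts) {
  const res = fakeResponse();
  let nextCalled = false;
  hsts(options)(fakeRequest(reqOpts), res, () => { nextCalled = true; });
  if (!nextCalled) throw new Error('middleware did not call next()');
  return res.getHeader('Strict-Transport-Security');
}

// Demonstration: secure request gets the header, plain HTTP request does not.
console.log('HTTPS request :', headerFor({ maxAge: 90 * 24 * 60 * 60 }, { secure: true }));
console.log('HTTP request  :', headerFor({ maxAge: 90 * 24 * 60 * 60 }, { secure: false }));
console.log('behind proxy  :', headerFor({ preload: true }, { headers: { 'x-forwarded-proto': 'https' } }));
```

When testing a policy like this, remember that once a browser has stored a long max-age it will keep upgrading requests until the policy expires, so start with a short max-age on a new deployment and raise it after confirming every path on the site is served over HTTPS.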
05:23 - Testing
————————————————————————————————————
HelmetJS is a type of middleware for Express-based applications that automatically sets HTTP headers to prevent sensitive information from unintentionally being passed between the server and client. While HelmetJS does not account for all situations, it does include support for common ones like Content Security Policy, XSS Filtering, and HTTP Strict Transport Security, among others. HelmetJS can be installed on an Express project from npm, after which each layer of protection can be configured to best fit the project.
freeCodeCamp (also referred to as “Free Code Camp”) is a non-profit organization that consists of an interactive learning web platform, an online community forum, chat rooms, online publications and local organizations that intend to make learning web development accessible to anyone. Beginning with tutorials that introduce students to HTML, CSS and JavaScript, students progress to project assignments that they complete either alone or in pairs. Upon completion of all project tasks, students are partnered with other nonprofits to build web applications, giving the students practical development experience.
Thanks for Watching!
Video 07 - Ask Browsers to Access Your Site via HTTPS Only with helmet.hsts() - freeCodeCamp, added by user Ganesh H, 12 August 2020.