07 - Ask Browsers to Access Your Site via HTTPS Only with helmet.hsts() - freeCodeCamp
Ganesh H
IMPORTANT: You must use Helmet version 3.2.0 to pass this test! We can protect our sites against protocol downgrade attacks by setting a header that tells browsers to refuse any connection to the site that is not secured through HTTPS.
Link to Challenge: https://www.freecodecamp.org/learn/information-security/information-security-with-helmetjs/ask-browsers-to-access-your-site-via-https-only-with-helmet-hsts
Written Guide: https://www.notion.so/ganeshh123/Ask-Browsers-to-Access-Your-Site-via-HTTPS-Only-with-helmet-hsts-ebdf3136256344bcb037ff021384dcea
Full Playlist for this course: https://www.youtube.com/playlist?list=PLhGp6N0DI_1TeEsQOdf1JmV8PnkQfEpQ4
All Written Guides for this course: https://www.notion.so/ganeshh123/8ba82d9d1ff84c4583d6e9418ebe426b
All My Tutorials can be found at: https://www.notion.so/Tutorials-Ganesh-H-293ea420d34a464f9a1907e0405b5f26
00:00 - Introduction
00:03 - Protocol Downgrade Attack
A downgrade attack or version rollback attack is a form of cryptographic attack on a computer system or communications protocol that makes it abandon a high-quality mode of operation (e.g. an encrypted connection) in favor of an older, lower-quality mode of operation (e.g. cleartext) that is typically provided for backward compatibility with older systems. https://en.wikipedia.org/wiki/Downgrade_attack
00:16 - Example
02:07 - Strict-Transport-Security Header
The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) lets a web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
02:35 - Use Helmet version 3.2.0
03:50 - Setting the Header - helmet.hsts()
helmet.hsts sets the Strict-Transport-Security header which tells browsers to prefer HTTPS over insecure HTTP. https://github.com/helmetjs/helmet/tree/master/middlewares/strict-transport-security
05:23 - Testing
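To make the header concrete, here is an added example (not code from the video or from Helmet itself): a minimal middleware that builds the same Strict-Transport-Security value helmet.hsts() produces for a given max-age, plus a parser you can point at a live response header to check what a site actually sends. It runs on plain Node.js with no packages; the fakeResponse helper is a constructed stand-in for Express's res object, and the option names (maxAge, includeSubDomains, preload) mirror the Helmet ones.

```javascript
'use strict';

// 90 days expressed in seconds, the value the challenge asks for.
const NINETY_DAYS_IN_SECONDS = 90 * 24 * 60 * 60; // 7776000

// Build the header value from helmet.hsts()-style options.
// Browsers only honour this header when it arrives over HTTPS (RFC 6797),
// so the real protection depends on the site already serving TLS.
function buildHstsValue(options = {}) {
  const { maxAge = NINETY_DAYS_IN_SECONDS, includeSubDomains = true, preload = false } = options;
  if (!Number.isInteger(maxAge) || maxAge < 0) {
    throw new TypeError('maxAge must be a non-negative integer number of seconds');
  }
  let value = `max-age=${maxAge}`;
  if (includeSubDomains) value += '; includeSubDomains';
  if (preload) value += '; preload';
  return value;
}

// Express-style middleware (req, res, next) that sets the header on every response.
// Assumed usage with Express: app.use(hsts({ maxAge: NINETY_DAYS_IN_SECONDS }));
function hsts(options) {
  const value = buildHstsValue(options);
  return function hstsMiddleware(req, res, next) {
    res.setHeader('Strict-Transport-Security', value);
    next();
  };
}

// Parse a received header value back into its directives, e.g. when auditing
// a deployed site: directive names are case-insensitive, unknown ones are ignored.
function parseHsts(value) {
  const result = { maxAge: null, includeSubDomains: false, preload: false };
  for (const raw of value.split(';')) {
    const token = raw.trim();
    const m = /^max-age=(\d+)$/i.exec(token);
    if (m) result.maxAge = Number(m[1]);
    else if (/^includesubdomains$/i.test(token)) result.includeSubDomains = true;
    else if (/^preload$/i.test(token)) result.preload = true;
  }
  return result;
}

// Constructed stand-in for Express's res object, just enough for the middleware above.
function fakeResponse() {
  const headers = {};
  return {
    setHeader: (name, value) => { headers[name.toLowerCase()] = value; },
    getHeader: (name) => headers[name.toLowerCase()],
  };
}
```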
HelmetJS is a type of middleware for Express-based applications that automatically sets HTTP headers to prevent sensitive information from unintentionally being passed between the server and client. While HelmetJS does not account for all situations, it does include support for common ones like Content Security Policy, XSS Filtering, and HTTP Strict Transport Security, among others. HelmetJS can be installed on an Express project from npm, after which each layer of protection can be configured to best fit the project.
freeCodeCamp (also referred to as “Free Code Camp”) is a non-profit organization that consists of an interactive learning web platform, an online community forum, chat rooms, online publications and local organizations that intend to make learn ... https://www.youtube.com/watch?v=rVtbNBte35s