Overview
Explore an in-depth analysis of HTTP Strict Transport Security (HSTS) implementation across major web browsers in this 46-minute Black Hat conference talk. Delve into the undocumented workings of HSTS in Microsoft Edge, Internet Explorer, Firefox, and potentially Chrome. Uncover how these browsers save and process HSTS data, despite the lack of official technical documentation. Learn from security researchers Sheila Berta and Sergio De Los Santos as they break down the intricacies of HSTS and HTTP Public Key Pinning (HPKP) across different browser environments. Gain valuable insights into browser security mechanisms and potential vulnerabilities in HSTS implementations.
Syllabus
Breaking Out HSTS (and HPKP) On Firefox, IE/Edge and (Possibly) Chrome
Taught by
Black Hat