Qualys Urges Web Security Boost: Add HSTS Headers, as 95% of HTTPS Servers Remain Vulnerable
Qualys, a cybersecurity company, has issued recommendations for enhancing web security. It advises sending an HTTP Strict Transport Security (HSTS) header on every HTTPS response in a domain. By Qualys' count, only about 5% of HTTPS servers have a correct HSTS implementation, leaving the rest open to downgrade attacks that strip TLS from a connection.
Qualys Vulnerability Management includes a detection for HSTS on web servers. To catch problems earlier, Qualys suggests integrating Web Application Scanning into the Software Development Life Cycle (SDLC), so that security issues, HSTS misconfigurations among them, are found before release.
Web applications should protect as many domains and subdomains as possible with an appropriate HSTS policy. The strongest protection comes from serving every requested resource exclusively over TLS with a well-formed HSTS header (a valid max-age, and includeSubDomains wherever the subdomains are covered). No specific tool for monitoring HSTS use or configuration is mentioned; product documentation such as Tableau Server's guidance on enabling HSTS for web browser clients supports correct configuration indirectly, through its security guidelines.
HSTS protects users against passive eavesdropping and active man-in-the-middle attacks by instructing browsers to reach the host only over HTTPS, so that SSL-stripping downgrades and clicked-through certificate errors no longer expose traffic. Qualys Web Application Scanning performs detailed HSTS analysis and reports on the configuration it finds. By the same count, about 95% of HTTPS servers remain exposed to connection hijacking because of inadequate HSTS implementation.
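The kind of HSTS check a scanner runs, written out as an added example (not Qualys' code or the analysis Qualys Web Application Scanning performs): parse each Strict-Transport-Security header per RFC 6797, flag the conditions under which a browser ignores it, and grade every resource of a domain so that an unprotected subdomain or a weak max-age stands out. The hostnames under example.test, the sample responses and the one-year threshold for a strong policy are this example's own assumptions.

```python
"""Parse and grade Strict-Transport-Security (STS) headers as a scanner would.

Added example, not Qualys code. The thresholds below are this example's own
assumptions, not Qualys' grading rules.
"""
import re

ONE_YEAR = 31536000  # seconds; assumed minimum for a strong policy (also the preload-list minimum)

# directive-name [ "=" directive-value ], value optionally quoted (RFC 6797 s6.1)
_DIRECTIVE_RE = re.compile(r'^\s*([A-Za-z0-9-]+)\s*(?:=\s*("?)([^";]*)\2)?\s*$')


def parse_hsts(value):
    """Parse one STS header value into a policy dict.

    Directive names are case-insensitive. A directive that appears twice or a
    malformed token makes the whole header one a browser must ignore
    (RFC 6797 s6.1), so such problems are recorded under 'issues'.
    """
    policy = {"max_age": None, "include_subdomains": False, "preload": False, "issues": []}
    seen = set()
    for raw in value.split(";"):
        if not raw.strip():
            continue  # tolerate a trailing ';'
        m = _DIRECTIVE_RE.match(raw)
        if not m:
            policy["issues"].append(f"malformed directive {raw.strip()!r}")
            continue
        name, arg = m.group(1).lower(), m.group(3)
        if name in seen:
            policy["issues"].append(f"duplicate directive {name}")
            continue
        seen.add(name)
        if name == "max-age":
            if arg is None or not arg.isdigit():
                policy["issues"].append("max-age must carry a non-negative integer")
            else:
                policy["max_age"] = int(arg)
        elif name in ("includesubdomains", "preload"):
            if arg is not None:
                policy["issues"].append(f"{name} is a valueless directive")
            policy["include_subdomains" if name == "includesubdomains" else "preload"] = True
        # unknown directives are ignored, as RFC 6797 requires
    if "max-age" not in seen:
        policy["issues"].append("required max-age directive is missing")
    return policy


def assess_hsts(headers, scheme="https"):
    """Grade the STS policy carried by one response.

    headers: list of (name, value) pairs in the order received.
    Returns (grade, findings); grade is one of 'none', 'ignored', 'invalid',
    'disabled', 'weak', 'ok', 'strong'.
    """
    sts = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not sts:
        return "none", ["no Strict-Transport-Security header: SSL stripping possible on first visit"]
    if scheme != "https":
        # RFC 6797 s8.1: browsers honour STS only when received over a secure transport
        return "ignored", ["STS header sent over plain HTTP is ignored by browsers"]
    findings = []
    if len(sts) > 1:
        findings.append(f"{len(sts)} STS headers present; browsers process only the first")
    policy = parse_hsts(sts[0])
    if policy["issues"]:
        return "invalid", findings + policy["issues"] + ["browsers ignore an STS header with invalid directives"]
    age = policy["max_age"]
    if age == 0:
        return "disabled", findings + ["max-age=0 tells browsers to forget the policy"]
    if age < ONE_YEAR:
        findings.append(f"max-age={age} is below one year ({ONE_YEAR})")
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains absent: subdomains (and cookies scoped to them) stay exposed")
    if policy["preload"] and (age < ONE_YEAR or not policy["include_subdomains"]):
        findings.append("preload set but max-age/includeSubDomains do not meet preload-list requirements")
    if age >= ONE_YEAR and policy["include_subdomains"]:
        return ("strong" if policy["preload"] else "ok"), findings
    return "weak", findings


# Constructed sample responses for one hypothetical domain (not real scan output).
SAMPLE_RESPONSES = [
    ("https://example.test/", [("Content-Type", "text/html"),
                               ("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload")]),
    ("https://api.example.test/v1", [("Strict-Transport-Security", "max-age=300")]),
    ("https://static.example.test/app.js", [("Content-Type", "text/javascript")]),
    ("https://legacy.example.test/", [("Strict-Transport-Security", "max-age=31536000; max-age=0")]),
    ("http://example.test/", [("Strict-Transport-Security", "max-age=31536000")]),
]


def audit(responses):
    """Grade every resource; a domain is protected only when each HTTPS resource grades 'ok' or 'strong'."""
    return {url: assess_hsts(headers, url.split("://", 1)[0]) for url, headers in responses}


if __name__ == "__main__":
    for url, (grade, findings) in audit(SAMPLE_RESPONSES).items():
        print(f"{grade:9} {url}")
        for finding in findings:
            print(f"          - {finding}")
```

Of the five constructed responses only the root document grades strong; the API host has a five-minute max-age, the static host sends no header at all, the legacy host repeats max-age (which makes the header invalid and therefore ignored), and the plain-HTTP response is ignored whatever it says. That spread is exactly why the advice above is to cover every HTTPS resource in the domain rather than just the front page.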
HSTS is a critical method for web applications to ensure secure transport. Qualys' recommendations and tools aim to improve HSTS adoption and configuration. With only 5% of HTTPS servers implementing it correctly, there is significant room for improvement.