Services cloud under HSTS, Strengths and weakness before an attack of man in the middle MITM

摘要

Web transactions have become one of the services most used today, the ease of interacting with different tools and the ubiquity of hand with new technologies has led to a significant increase in the development of solutions in the cloud; Today operations and services are done online and digital content is created under Web 4.0 giving many possibilities for developers, and new security problems. Security architecture models are a priority condition in any cloud solution, its costs, time and operation must be met and adapted as best as possible in the search to minimize the vulnerabilities in transmitting information under the client / server model that strengthen Local or remote connections of services or transactions over the internet. This article reviews the behavior of the HSTS standard as a complement to the security of the SSL / TLS protocol on the WEB service and specifically to the attack of man in the MITM environment, finding some strengths and weaknesses of the most popular browsers such as Internet Explorer, Google Chrome and Mozilla Firefox. The HSTS standard highlights its functionality because it keeps the HTTPS session on the main site and the subdomains associated with the website; Therefore, the complement is quite stable without any external intervention, increasing security conditions in confidentiality, authenticity and integrity pillars of all communication between applications. It delivers a vision of the very flexible and extensible standard to the rapid evolution and deployment of cloud technology solutions that provide migration to increasingly sophisticated and secure services demanded by organizations.