Why static-content sites get a security benefit from HTTPS


I really appreciated this new post from Troy Hunt about the benefits of HTTPS for static sites:

Basically, it runs through a number of alarming content-injection attacks that can be pulled off against HTTP static sites that have no login or private data. (Sadly, this list isn’t even comprehensive!)

Feel free to share this if anyone asks about what the point of HTTPS is for static sites; it seems like a great exposition. (There’s also a detailed video that I haven’t watched that apparently demonstrates the content-injection attacks.)


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.