[Owasp-leaders] HTTP to HTTPS redirects

Jim Manico jim.manico at owasp.org
Sun Oct 23 10:07:06 EDT 2011


Troy Hunt and others noticed that you removed the recommendation to
avoid HTTP to HTTPS redirects, a long standing AppSec recommendation.


As a chance to geek-out on leaders, may I/we ask why in a bit more depth?

I'm on the edge about this myself, but I think I understand your reasoning...

Jim Manico
(808) 652-3805

More information about the OWASP-Leaders mailing list