Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Hacking HTTP/2 - New Attacks on the Internet's Next Generation Foundation

Black Hat via YouTube

Overview

Explore the emerging HTTP/2 protocol and its vulnerabilities in this Black Hat conference talk. Delve into the rapid adoption of HTTP/2 by major internet players and its role as a transition layer for web traffic. Discover new attack vectors targeting HTTP/2's components, including the flow control mechanism and header compression. Learn about the low data rate attack and industry multiplexing attack through video demonstrations. Examine potential solutions, from abandoning HTTP/2 to implementing patches and virtual patching. Gain key insights and technical details to better understand the security implications of this next-generation internet foundation.

Syllabus

Introduction
Who am I
Credits
Agenda
Why HTTP2
HTTP1 Problems
Who Uses HTTP2
Components of HTTP
Frame
New Attacks
Research
Implementation
Flow Control Mechanism
Low Data Rate Attack
Video Demo
Industry Multiplexing
Attack Flow
Attack Flow Demo
Header Compression
HPack
Dynamic Table
Funny Story
What can we do
Option 1 Abandon HTTP2
Option 2 Patch
Option 3 Patch
Virtual Patching
Key takeaways
Technical details

Taught by

Black Hat

Reviews

Start your review of Hacking HTTP/2 - New Attacks on the Internet's Next Generation Foundation

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.