Tag

HTTP/2 Security


HTTP/2 has become the de facto standard for the modern web and brings new application security risks. HTTP/2 request smuggling is one of a few high-severity HTTP/2 vulnerabilities raised last year. In this post, we will describe it in detail and suggest an open-source tool, http2smugl, that detects this kind of vulnerability. HTTP/2 has already taken over the Internet. According to Wikipedia: “The standardization effort was supported by Chrome,…

On July 14th, Emil Lerner found and explored new ways of exploiting HTTP desync/smuggling based on HTTP/2 request processing issues. He submitted the bug to the Cloudflare security team through their bug bounty program. The fix took Cloudflare a week and was completed on July 24th. Emil was awarded a $1’000 bounty, and on August 15th the company approved the bug for public disclosure. Here we go. The nature and…

Next week, come visit Wallarm in San Francisco. We will be exhibiting at the RSA conference, in the north part of Moscone Center, booth #N4825. Those of you who make it to the show will get a sneak peek of the new product we are working on — Wallarm FAST. Wallarm FAST will help those working in a CI/CD environment: increase test coverage; deploy test automation as a service; focus DevSecOps on business logic. Wallarm FAST is…