christophs@diaspora.glasswings.com
Christoph S

HTTP/2: The Sequel is Always Worse | PortSwigger Research

HTTP/2 is easily mistaken for a transport-layer protocol that can be swapped in with zero security implications for the website behind it. In this paper, I'll introduce multiple new classes of HTTP/2-exclusive threats caused by both implementation flaws and RFC imperfections.

#http2 #http #security #rfc

https://portswigger.net/research/http2

HTTP/2: The Sequel is Always Worse

In this research paper James Kettle introduces multiple new classes of HTTP/2-exclusive attacks, demonstrated on popular websites and servers.

1
2