Compression Bombs Strike Back

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses
Web Development Courses
Cybersecurity Courses
System Administration Courses
Vulnerability Testing Courses

Course Description

Overview

Explore the security risks associated with data compression in HTTP protocols through this 39-minute conference talk from AppSecEU 2016 in Rome. Delve into the concept of compression bombs, their impact on implementations, and potential vulnerabilities in server systems. Learn about XML bombs, protocol specifications, and HTTP compression attacks. Examine experimental setups, HTTP response compression, and common pitfalls such as compression before authentication and during input validation. Gain insights into the challenges of communication between units and draw valuable conclusions for enhancing web application security.

Syllabus

Introduction
What is Slide
Data Compression
What is Compression
Compression in HTTP
Compression HTTP
Data Compression Risks
XML Bomb
Protocol Specification
Impact on implementations
HTTP compression attack
Vulnerabilities
Attacking servers
Experiment setup
HTTP response compression
Pitfalls
Compression before authentication
Compression during input validation
Communication between units
Conclusion


Taught by

OWASP Foundation
