Compression Bombs Strike Back

Explore the security risks associated with data compression in HTTP protocols through this 39-minute conference talk from AppSecEU 2016 in Rome. Delve into the concept of compression bombs, their impact on implementations, and potential vulnerabilities in server systems. Learn about XML bombs, protocol specifications, and HTTP compression attacks. Examine experimental setups, HTTP response compression, and common pitfalls such as compression before authentication and during input validation. Gain insights into the challenges of communication between units and draw valuable conclusions for enhancing web application security.

Introduction
What is Slide
Data Compression
What is Compression
Compression in HTTP
Compression HTTP
Data Compression Risks
XML Bomb
Protocol Specification
Impact on implementations
HTTP compression attack
Vulnerabilities
Attacking servers
Experiment setup
HTTP response compression
Pitfalls
Compression before authentication
Compression during input validation
Communication between units
Conclusion