YoVDO

Compression Bombs Strike Back

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses Web Development Courses Cybersecurity Courses System Administration Courses Vulnerability Testing Courses

Course Description

Overview

Explore the security risks associated with data compression in HTTP protocols through this 39-minute conference talk from AppSecEU 2016 in Rome. Delve into the concept of compression bombs, their impact on implementations, and potential vulnerabilities in server systems. Learn about XML bombs, protocol specifications, and HTTP compression attacks. Examine experimental setups, HTTP response compression, and common pitfalls such as compression before authentication and during input validation. Gain insights into the challenges of communication between units and draw valuable conclusions for enhancing web application security.

Syllabus

Introduction
What is Slide
Data Compression
What is Compression
Compression in HTTP
Compression HTTP
Data Compression Risks
XML Bomb
Protocol Specification
Impact on implementations
HTTP compression attack
Vulnerabilities
Attacking servers
Experiment setup
HTTP response compression
Pitfalls
Compression before authentication
Compression during input validation
Communication between units
Conclusion


Taught by

OWASP Foundation

Related Courses

Introduction to Linux
Linux Foundation via edX Rapid Deployment of SAP Solutions
SAP Learning SAP Screen Personas
SAP Learning Office 365: Managing Identities and Services
Microsoft via edX Microsoft Exchange Server 2016 - 3: Mailbox Databases
Microsoft via edX