YoVDO

Compression Bombs Strike Back

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses Web Development Courses Cybersecurity Courses System Administration Courses Vulnerability Testing Courses

Course Description

Overview

Explore the security risks associated with data compression in HTTP protocols through this 39-minute conference talk from AppSecEU 2016 in Rome. Delve into the concept of compression bombs, their impact on implementations, and potential vulnerabilities in server systems. Learn about XML bombs, protocol specifications, and HTTP compression attacks. Examine experimental setups, HTTP response compression, and common pitfalls such as compression before authentication and during input validation. Gain insights into the challenges of communication between units and draw valuable conclusions for enhancing web application security.

Syllabus

Introduction
What is Slide
Data Compression
What is Compression
Compression in HTTP
Compression HTTP
Data Compression Risks
XML Bomb
Protocol Specification
Impact on implementations
HTTP compression attack
Vulnerabilities
Attacking servers
Experiment setup
HTTP response compression
Pitfalls
Compression before authentication
Compression during input validation
Communication between units
Conclusion


Taught by

OWASP Foundation

Related Courses

Computer Security
Stanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network