YoVDO

HTTP/2 - The Sequel is Always Worse

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Web Development Courses Cybersecurity Courses HTTP/2 Courses

Course Description

Overview

Explore the security implications of HTTP/2 in this 38-minute Black Hat conference talk. Delve beyond existing research to uncover critical implementation flaws and RFC imperfections in the protocol. Learn about HTTP/2 request smuggling techniques, examine case studies involving major platforms like Netflix and Amazon, and understand key differences from HTTP/1. Discover new exploit primitives, visualization techniques, and practical considerations for working with HTTP/2. Gain insights into potential vulnerabilities and hotfixes as presented by security researcher James Kettle.

Syllabus

Introduction
My Story
Outline
Key Differences
Exploitation
H2 Request Smuggling
Case Study Netflix
Case Study Amazon
Case Studyjira
Hotfixes
Visualization
First Problem
Second Problem
HP2 Exploit Primitives
HTTP colons
A few practicalities


Taught by

Black Hat

Related Courses

30 Days to Learn Laravel
Laracasts
3D Graphics for Web Developers
Pompeu Fabra University via FutureLearn
A Beginner’s Guide to Web Development with HTML5
Packt via FutureLearn
Accessibility Audit
Amazon Web Services via AWS Skill Builder
Expanding Your JS Skills with Angular
A Cloud Guru