HTTP2 and You - Brett Gravois NolaCon 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)
HTTP2 and You
Brett Gravois
@Security_Panda

Although not commonly known, HTTP2 was first published in May 2015 as an update to HTTP 1.1. By the end of that year, the majority of major browsers added HTTP2 support; it is now being utilized all across the Internet. Sites such as Google, Twitter, Facebook, and perhaps even your company’s site have HTTP2 enabled. If so, you probably do not realize you are using it. In fact, many Web Application Firewalls (WAFs) are not keeping pace with HTTP2 security needs and common AppSec testing tools such Burp, Zap, and other DAST products don't support HTTP2. This talk will discuss the details of the presenter’s discovery process in identifying how many site hosts are utilizing HTTP2, and a sample of common vulnerabilities which were found on these sites. Attendees will come away with having a better understanding of the security implications of HTTP2 and how you can detect these potential pitfalls on your network using freely available tools.

Recorded at NolaCon 2018

video

Back to NolaCon 2018 video list



If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek