Good, Bad and the Ugly of HTTP/2 - Pentestmag
0

Good, Bad and the Ugly of HTTP/2

Jul 3, 2023

Authors
Pranali Phadtare, Soummya Kulkarni, Shruthi Shunmugom M

About Us
IBM PTC is a proficient internal Security Test Team responsible for vulnerability assessment & ethical
hacking of web, mobile applications & infrastructure.

Abstract

HTTP/2 is an upgraded version of the HTTP 1.1 protocol. HTTP/2 provides various considerable refinements in terms of performance by addressing the prominent issues with HTTP/1.1 protocol. These refinements seems to have incidental impact in terms of security. This article tries to elucidate various functionalities of HTTP/2 and also explains web application related vulnerabilities of HTTP/2, such as Denial of Service attacks and downgrading vulnerabilities. 

Introduction to HTTP Protocol

HyperText Transfer Protocol (HTTP) is a communication protocol used to connect to Web servers on the Internet or on a local network. The primary function of HTTP is to establish a connection with the server and send HTML pages back to the user's browser. It is also used to download data from the server, either to the browser or to any requesting application that uses HTTP.

HTTP is an application layer protocol and works on Client-Server model. Basic working of HTTP can be as follows:

  1. Client establishes TCP connection with server.
  2. Client sends an HTTP request to server....



Read the rest of this story with a free account.

Already have an account? Sign in

December 10, 2024

Author

Pranali Phadtare, Soummya Kulkarni, Shruthi Shunmugom M
Latest Articles
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
Get unlimited access

Join Us

Become an Instructor

Become a Reviewer

Writing on Pentestmag

LOOKING for a JOB in IT security?


.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023