homepage
Open menu
Contact Sales

Practical Approach to Detecting and Preventing Web Application Attacks over HTTP/2- A SANS Master\\'s Degree Presentation

  • Wednesday, 11 Apr 2018 3:30PM EDT (11 Apr 2018 19:30 UTC)
  • Speaker: Russel Van Tuyl

HTTP/2 is a protocol that increases efficiency, overcomes shortfalls of the HTTP/1 protocol, and is intended to be used only over TLS connections. Because this protocol is relatively new, there is a lack of tools capable of inspecting the protocol to detect or prevent attacks. The protocol's use of Perfect Forward Secrecy TLS cipher suites further complicates matters by preventing inspecting technologies from capturing the keying material required to decrypt traffic for inspection. This presentation provides an overview of the HTTP/2 protocol along with implications for defenders and attackers alike. A new tool will be released to the public that leverages HTTP/2 Command & Control of a host across many platforms to include Linux, Windows, Android, and MacOS.

Login to Register

Related Content

Blog
N2C_blog_image.png
Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, CyberLive, Workforce Development, Career Development, Why Certify, Imposter Syndrome, NetWars, Mentorship, Job Hunting, Operating System & Device In-Depth, Artificial Intelligence (AI)
A Visual Summary of SANS New2Cyber Summit 2024
Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024
370x370-person-placeholder.png
Alison Kim
read more
Blog
Blog: Industrial Control Systems Cyber threats & The Gulf Region (Part 1)
Cybersecurity and IT Essentials
Industrial Control Systems Cyber Threats & The Gulf Region: ICS Blog Series: 1 of 3
Modern Attacks Against Critical InfrastructureThe evolution of targeted attacks against critical infrastructure in recent times sends a clear message to asset owners and operators. In industrial control systems - water management, oil and gas refineries and distribution operations, and power grids,...
DeanParsons_340x340.png
Dean Parsons
read more
Blog
AI_blog.png
Cybersecurity and IT Essentials, Artificial Intelligence (AI)
A Visual Summary of SANS AI Cybersecurity Summit 2023
Check out these graphic recordings created in real-time throughout the event for SANS AI Cybersecurity Summit 2023
370x370-person-placeholder.png
Alison Kim
read more