The Best Online Cybersecurity Training in the World - SANS OnDemand

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

Practical Approach to Detecting and Preventing Web Application Attacks over HTTP/2- A SANS Master's Degree Presentation

  • Wednesday, April 11th, 2018 at 3:30 PM EDT (19:30:00 UTC)
  • Russel Van Tuyl
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!

Overview

HTTP/2 is a protocol that increases efficiency, overcomes shortfalls of the HTTP/1 protocol, and is intended to be used only over TLS connections. Because this protocol is relatively new, there is a lack of tools capable of inspecting the protocol to detect or prevent attacks. The protocol's use of Perfect Forward Secrecy TLS cipher suites further complicates matters by preventing inspecting technologies from capturing the keying material required to decrypt traffic for inspection. This presentation provides an overview of the HTTP/2 protocol along with implications for defenders and attackers alike. A new tool will be released to the public that leverages HTTP/2 Command & Control of a host across many platforms to include Linux, Windows, Android, and MacOS.

Speaker Bio

Russel Van Tuyl

Russel Van Tuyl is a security analyst for Sword & Shield Enterprise Security. His primary role consists of conducting network vulnerability assessments, penetration tests, and web application assessments but also performs firewall configuration audits, wireless assessments, and social engineering engagements. He has more than 15 years of experience in the technical field in roles such as database design, field device support, help desk, IT asset management, programming, and information security.

 

Russel Van Tuyl is a candidate for the Master of Science degree in Information Security Engineering from the SANS Technology Institute.  

 

The SANS Technology Institute is the only graduate program that combines SANS technical training, recognized as the industry’s best, with leadership and management curriculum specifically developed for the unique needs of aspiring leaders. Learn more at www.sans.edu.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.