Practical Approach to Detecting and Preventing Web Application Attacks over HTTP/2- A SANS Master\\'s Degree Presentation

  • Webcast Aired Wednesday, 11 Apr 2018 3:30PM EDT (11 Apr 2018 19:30 UTC)
  • Speaker: Russel Van Tuyl

HTTP/2 is a protocol that increases efficiency, overcomes shortfalls of the HTTP/1 protocol, and is intended to be used only over TLS connections. Because this protocol is relatively new, there is a lack of tools capable of inspecting the protocol to detect or prevent attacks. The protocol's use of Perfect Forward Secrecy TLS cipher suites further complicates matters by preventing inspecting technologies from capturing the keying material required to decrypt traffic for inspection. This presentation provides an overview of the HTTP/2 protocol along with implications for defenders and attackers alike. A new tool will be released to the public that leverages HTTP/2 Command & Control of a host across many platforms to include Linux, Windows, Android, and MacOS.