#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

HTTP2 Protocol | Breaking Cybersecurity News | The Hacker News

8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks

8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks

Aug 14, 2019
Various implementations of HTTP/2 , the latest version of the HTTP network protocol, have been found vulnerable to multiple security vulnerabilities affecting the most popular web server software, including Apache, Microsoft's IIS, and NGINX. Launched in May 2015, HTTP/2 has been designed for better security and improved online experience by speeding up page loads. Today, over hundreds of millions of websites, or some 40 percent of all the sites on the Internet, are running using HTTP/2 protocol. A total of eight high-severity HTTP/2 vulnerabilities , seven discovered by Jonathan Looney of Netflix and one by Piotr Sikora of Google, exist due to resource exhaustion when handling malicious input, allowing a client to overload server's queue management code. The vulnerabilities can be exploited to launch Denial of Service (DoS) attacks against millions of online services and websites that are running on a web server with the vulnerable implementation of HTTP/2 , knocking
4 Flaws hit HTTP/2 Protocol that could allow Hackers to Disrupt Servers

4 Flaws hit HTTP/2 Protocol that could allow Hackers to Disrupt Servers

Aug 03, 2016
If you think that the HTTP/2 protocol is more secure than the standard HTTP ( Hypertext Transfer Protocol ), then you might be wrong, as it took researchers just four months to discover four flaws in the HTTP/2 protocol. HTTP/2 was launched properly just in May last year after Google bundled its SPDY project into HTTP/2 in February in an effort to speed up the loading of web pages as well as the browsing experience of the online users. Now, security researchers from data center security vendor Imperva today at Black Hat conference revealed details on at least four high-profile vulnerabilities in HTTP/2 – a major revision of the HTTP network protocol that the today's web is based on. The vulnerabilities allow attackers to slow web servers by flooding them with innocent looking messages that carry a payload of gigabytes of data, putting the servers into infinite loops and even causing them to crash. The HTTP/2 protocol can be divided into three layers: The transmissio
6 Ways to Simplify SaaS Identity Governance

6 Ways to Simplify SaaS Identity Governance

Feb 21, 2024SaaS Security / Identity Management
With SaaS applications now making up the vast majority of technology used by employees in most organizations, tasks related to identity governance need to happen across a myriad of individual SaaS apps. This presents a huge challenge for centralized IT teams who are ultimately held responsible for managing and securing app access, but can't possibly become experts in the nuances of the native security settings and access controls for hundreds (or thousands) of apps. And, even if they could, the sheer volume of tasks would easily bury them. Modern IT teams need a way to orchestrate and govern SaaS identity governance by engaging the application owners in the business who are most familiar with how the tool is used, and who needs what type of access.  Nudge Security is a  SaaS security and governance solution  that can help you do just that, with automated workflows to save time and make the process manageable at scale. Read on to learn how it works. 1 . Discover all SaaS apps used b
Google To Speed Up The Internet With Its New QUIC Protocol

Google To Speed Up The Internet With Its New QUIC Protocol

Apr 19, 2015
Google is trying every effort to make the World Wide Web faster for Internet users. The company has announced plans to propose its homemade networking protocol, called Quick UDP Internet Connections (QUIC) , to the Internet Engineering Task Force (IETF) in order to make it the next-generation Internet standard. Probably the term QUIC is new for you, but if you use Google's Chrome browser then there are chances that you have used this network protocol already. What is QUIC? QUIC is a low-latency transport protocol for the modern Internet over UDP, an Internet protocol that is often used for streaming media, gaming and VoIP services. The search engine giant first unveiled the experimental protocol QUIC and added it to Chrome Canary update in June 2013. The protocol already included a variety of new features, but the key feature is that QUIC runs a stream multiplexing protocol on top of UDP instead of TCP. The Idea behind QUIC: QUIC was developed to s
cyber security

NIST Cybersecurity Framework: Your Go-To Cybersecurity Standard is Changing

websiteArmorPointCybersecurity / Risk Management
Find everything you need to know to prepare for NIST CSF 2.0's impending release in this guide.
What is HTTP/2 ? Next-Gen Protocol For Faster and Safer Internet

What is HTTP/2 ? Next-Gen Protocol For Faster and Safer Internet

Feb 19, 2015
Good news for Internet folks! Get Ready as the entire web you know is about to change. The new and long-awaited version of HTTP took a major step toward becoming a reality on Wednesday – It is been officially finalized and approved. Mark Nottingham, chairman of the Internet Engineering Task Force (IETF) working group behind creating the standards, announced in a blog post that the HTTP 2.0 specifications have been formally approved. Now, the specifications will go through a last formality – Request for comment and editorial processes – before being published as a standard. LARGEST CHANGE IN HTTP OVER LAST 16 YEARS HTTP, or Hypertext Transfer Protocol, is one of the web standards familiar to most as the https:// at the beginning of a web address. HTTP protocol governs the connections between a user's browser and the server hosting a website, invented by the father of the web Sir Tim Berners-Lee. HTTP/2 is simply an update to the protocol, but is really a huge deal be
Cybersecurity Resources