#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

HTTP2 Protocol | Breaking Cybersecurity News | The Hacker News

8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks

8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks

Aug 14, 2019
Various implementations of HTTP/2 , the latest version of the HTTP network protocol, have been found vulnerable to multiple security vulnerabilities affecting the most popular web server software, including Apache, Microsoft's IIS, and NGINX. Launched in May 2015, HTTP/2 has been designed for better security and improved online experience by speeding up page loads. Today, over hundreds of millions of websites, or some 40 percent of all the sites on the Internet, are running using HTTP/2 protocol. A total of eight high-severity HTTP/2 vulnerabilities , seven discovered by Jonathan Looney of Netflix and one by Piotr Sikora of Google, exist due to resource exhaustion when handling malicious input, allowing a client to overload server's queue management code. The vulnerabilities can be exploited to launch Denial of Service (DoS) attacks against millions of online services and websites that are running on a web server with the vulnerable implementation of HTTP/2 , knocking
4 Flaws hit HTTP/2 Protocol that could allow Hackers to Disrupt Servers

4 Flaws hit HTTP/2 Protocol that could allow Hackers to Disrupt Servers

Aug 03, 2016
If you think that the HTTP/2 protocol is more secure than the standard HTTP ( Hypertext Transfer Protocol ), then you might be wrong, as it took researchers just four months to discover four flaws in the HTTP/2 protocol. HTTP/2 was launched properly just in May last year after Google bundled its SPDY project into HTTP/2 in February in an effort to speed up the loading of web pages as well as the browsing experience of the online users. Now, security researchers from data center security vendor Imperva today at Black Hat conference revealed details on at least four high-profile vulnerabilities in HTTP/2 – a major revision of the HTTP network protocol that the today's web is based on. The vulnerabilities allow attackers to slow web servers by flooding them with innocent looking messages that carry a payload of gigabytes of data, putting the servers into infinite loops and even causing them to crash. The HTTP/2 protocol can be divided into three layers: The transmissio
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Google To Speed Up The Internet With Its New QUIC Protocol

Google To Speed Up The Internet With Its New QUIC Protocol

Apr 19, 2015
Google is trying every effort to make the World Wide Web faster for Internet users. The company has announced plans to propose its homemade networking protocol, called Quick UDP Internet Connections (QUIC) , to the Internet Engineering Task Force (IETF) in order to make it the next-generation Internet standard. Probably the term QUIC is new for you, but if you use Google's Chrome browser then there are chances that you have used this network protocol already. What is QUIC? QUIC is a low-latency transport protocol for the modern Internet over UDP, an Internet protocol that is often used for streaming media, gaming and VoIP services. The search engine giant first unveiled the experimental protocol QUIC and added it to Chrome Canary update in June 2013. The protocol already included a variety of new features, but the key feature is that QUIC runs a stream multiplexing protocol on top of UDP instead of TCP. The Idea behind QUIC: QUIC was developed to s
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
What is HTTP/2 ? Next-Gen Protocol For Faster and Safer Internet

What is HTTP/2 ? Next-Gen Protocol For Faster and Safer Internet

Feb 19, 2015
Good news for Internet folks! Get Ready as the entire web you know is about to change. The new and long-awaited version of HTTP took a major step toward becoming a reality on Wednesday – It is been officially finalized and approved. Mark Nottingham, chairman of the Internet Engineering Task Force (IETF) working group behind creating the standards, announced in a blog post that the HTTP 2.0 specifications have been formally approved. Now, the specifications will go through a last formality – Request for comment and editorial processes – before being published as a standard. LARGEST CHANGE IN HTTP OVER LAST 16 YEARS HTTP, or Hypertext Transfer Protocol, is one of the web standards familiar to most as the https:// at the beginning of a web address. HTTP protocol governs the connections between a user's browser and the server hosting a website, invented by the father of the web Sir Tim Berners-Lee. HTTP/2 is simply an update to the protocol, but is really a huge deal be
Cybersecurity Resources