Play all

Introduction

What is Slide

Data Compression

What is Compression

Compression in HTTP

Compression HTTP

Data Compression Risks

XML Bomb

Protocol Specification

Impact on implementations

HTTP compression attack

Vulnerabilities

Attacking servers

Experiment setup

HTTP response compression

Pitfalls

Compression before authentication

Compression during input validation

Communication between units

Conclusion

Description:

Explore the security risks associated with data compression in HTTP protocols through this 39-minute conference talk from AppSecEU 2016 in Rome. Delve into the concept of compression bombs, their impact on implementations, and potential vulnerabilities in server systems. Learn about XML bombs, protocol specifications, and HTTP compression attacks. Examine experimental setups, HTTP response compression, and common pitfalls such as compression before authentication and during input validation. Gain insights into the challenges of communication between units and draw valuable conclusions for enhancing web application security.

Compression Bombs Strike Back

OWASP Foundation

Add to list

#Conference Talks #Programming #Web Development #Information Security (InfoSec) #Cybersecurity #Computer Science #System Administration #Vulnerability Testing