Organizations Respond to HTTP/2 Zero-Day Exploited for DDoS Attacks

Organizations respond to the HTTP/2 Rapid Reset zero-day vulnerability exploited to launch the largest DDoS attacks seen to date.
The post Organizations Respond to HTTP/2 Zero-Day Exploited for DDoS Attacks appeared first on SecurityWeek.

What are the security risks associated with hosting a web application that does not handle sensitive data without HTTPS?

Suppose one hosts a web application that does not handle any sensitive data (e.g. passwords, session cookies, etc.), without using HTTPS. What potential security issues arise as a direct consequence of this? Assume that man-in-the-middle…

Why is one particular page not being cached while the others are? All have the same caching headers [migrated]

I’ve been reading a lot on how caching of web pages is handled, and I feel like I have a good grasp on everything, but I’ve encountered something I don’t understand.
I’m testing a site and it sends the same caching headers on every HTTPS res…

Why does the DOM single-origin policy take into account protocol and port? What if it was just domain?

I’m learning the basics of network security and am trying to really understand the single-origin policy. I was wondering what the vulnerabilities would be if an origin were only defined by domain, as opposed to the normal trio of scheme, do…

HTTP Request Smuggling Exploit – Need Clarification on Behavior of the ‘Host’ Header

I’ve been reading about HTTP Request Smuggling attacks and I’ve come across a situation that I don’t fully understand. I’ve been studying the report by James Kettle where he describes an attack against Netflix’s servers (https://portswigge…