HTTP/2 Deep Dive: Architecture, Security, Vulnerabilities & Quantum Threat

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/16/10/f1/1610f1ba-94f9-ff90-fcf5-295f56cad680/mza_14832663211430209641.jpg/600x600bb.jpg

InfoSec Bites

HelloInfoSec

115 episodes

1 day ago

Welcome to Hello InfoSec, your ultimate hub for all things cybersecurity! Dive into our thrilling podcast series, InfoSec Bites, where we unleash deep dives into Information Security, jaw-dropping Major Security Incidents, cutting-edge Cloud Information Security, crucial Privacy topics, revolutionary Artificial Intelligence, mind-bending Quantum Computing, and so much more! Get ready to geek out with expert insights and stay ahead of the curve—hit that like button, subscribe now, and turn on notifications for fresh episodes that will blow your mind! https://www.youtube.com/@HelloInfoSec

Technology

RSS

All content for InfoSec Bites is the property of HelloInfoSec and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_episode/44370068/44370068-1760143874810-28b94c4f2b04b.jpg

HTTP/2 Deep Dive: Architecture, Security, Vulnerabilities & Quantum Threat

InfoSec Bites

39 minutes 27 seconds

3 weeks ago

HTTP/2 Deep Dive: Architecture, Security, Vulnerabilities & Quantum Threat

The discussion in this podcast provides an extensive analysis of the HTTP/2 protocol, detailing its architectural shift from the text-based HTTP/1.1 to a more efficient binary and stateful framework using features like multiplexing and HPACK header compression. It thoroughly explains how these performance-enhancing changes, which solve application-layer Head-of-Line (HOL) blocking, simultaneously introduce new security vulnerabilities centred on computational amplification and resource exhaustion. It examines several critical denial-of-service (DoS) vectors, including the Rapid Reset attack (CVE-2023-44487) and the HPACK Decompression Bomb, noting that these attacks exploit the protocol's state management complexities. Finally, the analysis discusses necessary layered mitigation strategies—stressing the need for edge protection via CDNs and WAFs—while concluding that HTTP/2's reliance on TCP's HOL blocking limitation necessitates the adoption of the successor protocol, HTTP/3 (QUIC).