HTTP/2: FASTER DOESN’T MEAN SAFER, ATTACK SURFACE GROWING EXPONENTIALLY

1 Pages

While HTTP/2 delivers faster web performance, it also introduces new security risks. Imperva researchers uncovered major flaws stemming from new mechanisms like stream multiplexing and compression, as well as vulnerabilities in popular implementations such as Apache, IIS, and NGINX. These issues enable attacks like slow read, HPACK bombs, and stream abuse—reviving threats thought to be resolved in HTTP 1.1. As the attack surface expands, web application firewalls (WAFs) are essential for protecting systems and ensuring a safe transition to HTTP/2. Faster doesn't always mean safer.

Join for free to read

Report Elevating Human Attack Surface Management

Ebook The Secure Coding Handbook: A developer’s guide to delivering…

White Paper 3 Mistakes When it Comes to Cyber Asset Attack Surface…

White Paper The Four Pillars of Breach and Attack Simulation (BAS)

More from Imperva

Infographic 2024 The Economic Impact of API and Bot Attacks

Infographic 2024 Bad Bot Report: The Cost of an Account Takeover Attack

Report Imperva Incapsula Report: Top 10 DDoS Attack Trends

Guide Web Attack Survival Guide

Infographic

HTTP/2: FASTER DOESN’T MEAN SAFER, ATTACK SURFACE GROWING EXPONENTIALLY

HTTP/2: FASTER DOESN’T MEAN SAFER, ATTACK SURFACE GROWING EXPONENTIALLY

You Might Also Like

More from Imperva