HTTP/2: The Good, The Bad and The Vulnerable

Edgar Mikayelyan

Qrator Labs

About speaker

Head of a Presales Team, Qrator Labs. Graduate of the Yerevan State University Faculty of Mechanics. Responsible for design and implementation of technically complex projects to ensure continuous availability of Internet services for customers and partners. Has more than 18 years of experience in the IT industry. Previously worked for telecom companies and corporations driving large-scale projects on building fault-tolerant and secure IT infrastructures. In 2010 participated in the implementation and launch of the first Russian commercial DDoS attacks mitigation service Internet Umbrella.

About the speaker's company

Qrator Labs is an acknowledged expert in Continuous Network Availability, offering a range of network security services to ensure safe Internet access and continuous DDoS mitigation for businesses worldwide. Qrator Labs' anycast architecture provides a reliable, geo-distributed, low-latency web application protection platform across North and South America, Europe, the Middle East and Asia, with a filtering bandwidth capacity of more than 3,000 Gbps and 15 points of presence worldwide. Traffic filtering is the core specialization of the company. Through ongoing R&D and improvement of its filtering algorithms, Qrator Labs is able to detect and mitigate radically new types of attacks and network anomalies. The full range of Qrator Labs products for online availability includes DDoS Protection, Smart Application Firewall, Ingress (ISP and datacenter infrastructure security), CDN, DNS, Bot Protection and Qrator.Radar. Qrator.Radar is a monitoring system that detects network anomalies at the global BGP routing level that can significantly affect the availability and quality of services. Its real-time routing data collector maintains more than 800 BGP sessions with the world's largest and most widely distributed peers. Qrator Labs provides DDoS mitigation services for small and large businesses in a variety of industries, including financial institutions, e-commerce, media, education, tourism, and gaming.

4 July, 11:10, «Hall 1»

Abstracts

HTTP/2 is a newer version of the HTTP protocol that makes client-server communication faster and more efficient. It also brings new vulnerabilities to the table. In this talk, we will explore the strengths and weaknesses of HTTP/2 and discuss how to protect against common DoS and DDoS attacks.

HTTP/2 is a major upgrade to the HTTP protocol. It introduces binary framing, multiplexing of many streams over a single TCP connection, and server push, which greatly improve the performance and efficiency of web communication. However, the same features open new attack surface, especially in the context of DoS and DDoS attacks: a single connection can now carry a large number of concurrent requests, and each stream consumes server state.

In this talk, we will explore the inner workings of HTTP/2, including its benefits and drawbacks, and the potential impact of DoS and DDoS attacks on the protocol. We will cover common attack types that exploit HTTP/2 weaknesses, such as connection flooding and stream-level resource exhaustion, walk through specific vulnerabilities in the protocol, and give practical techniques for mitigating them, such as per-connection limits, rate limiting and traffic analysis. By the end of this talk, attendees will have a better understanding of HTTP/2 and how to protect their websites from DDoS attacks.
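The mitigation the abstract alludes to (rate limiting and traffic analysis at the stream level) can be illustrated with a small piece of accounting over raw HTTP/2 frames. The block below is an added example and is not code from the talk or from Qrator Labs: it parses the RFC 7540 frame header (24-bit length, 8-bit type, 8-bit flags, 31-bit stream identifier) and then applies two per-connection budgets, one on peak concurrent open streams (the role SETTINGS_MAX_CONCURRENT_STREAMS plays) and one on how many streams a client opens at all, which also catches a client that opens streams and immediately resets them so that concurrency never looks high. The limits, the constructed sample traffic and the function names are this example's own assumptions.

```python
"""Added example: minimal HTTP/2 frame parsing plus per-connection stream budgets.
Frame layout follows RFC 7540 section 4.1; the limits and sample traffic are
assumptions made for this illustration, not values from the talk."""

CONNECTION_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"  # sent once by the client
FRAME_HEADER_LEN = 9
HEADERS, RST_STREAM, SETTINGS = 0x1, 0x3, 0x4  # frame type codes (RFC 7540 s6)
FLAG_END_STREAM, FLAG_END_HEADERS = 0x1, 0x4
ERROR_CANCEL = 0x8


def build_frame(ftype, flags, stream_id, payload=b""):
    """Encode one frame: 3-byte length, 1-byte type, 1-byte flags, 4-byte R+stream id."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload)


def parse_frames(data):
    """Split a raw client byte stream into (type, flags, stream_id, payload) tuples.
    A leading connection preface is skipped; a trailing truncated frame is dropped
    rather than misread, which is what a sensible reassembly layer should do."""
    if data.startswith(CONNECTION_PREFACE):
        data = data[len(CONNECTION_PREFACE):]
    frames, off = [], 0
    while off + FRAME_HEADER_LEN <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        body_start = off + FRAME_HEADER_LEN
        body_end = body_start + length
        if body_end > len(data):
            break
        frames.append((ftype, flags, stream_id, data[body_start:body_end]))
        off = body_end
    return frames


def check_stream_budget(frames, max_concurrent=100, max_opens=200):
    """Return alert strings for one connection's worth of client frames.

    max_concurrent stands in for SETTINGS_MAX_CONCURRENT_STREAMS.  max_opens is a
    hypothetical cap on streams opened per observed batch: a client that opens
    a stream and resets it at once keeps concurrency low, so a concurrency limit
    alone never fires, but every open still costs the server work.  A client
    HEADERS frame with END_STREAM does not close the stream here, because the
    server still owes a response and holds state for it."""
    seen, open_streams, resets, alerts, peak = set(), set(), 0, [], 0
    for ftype, _flags, sid, _payload in frames:
        if ftype == HEADERS and sid not in seen:
            seen.add(sid)
            open_streams.add(sid)
        elif ftype == RST_STREAM:
            resets += 1
            open_streams.discard(sid)
        peak = max(peak, len(open_streams))
    if peak > max_concurrent:
        alerts.append(f"concurrent streams peaked at {peak} > {max_concurrent}")
    if len(seen) > max_opens:
        alerts.append(f"{len(seen)} streams opened > {max_opens} "
                      f"({resets} reset by the client)")
    return alerts


def normal_connection():
    """Constructed sample: a browser-like client opening ten GET streams."""
    data = CONNECTION_PREFACE + build_frame(SETTINGS, 0, 0)
    for sid in range(1, 21, 2):  # client streams are odd-numbered
        data += build_frame(HEADERS, FLAG_END_STREAM | FLAG_END_HEADERS, sid, b"\x82")
    return data


def flood_connection(n, reset):
    """Constructed sample: n streams opened on one connection, optionally each
    cancelled right after it is opened."""
    data = CONNECTION_PREFACE
    for i in range(n):
        sid = 2 * i + 1
        data += build_frame(HEADERS, FLAG_END_STREAM | FLAG_END_HEADERS, sid, b"\x82")
        if reset:
            data += build_frame(RST_STREAM, 0, sid, ERROR_CANCEL.to_bytes(4, "big"))
    return data


if __name__ == "__main__":
    samples = [("normal", normal_connection()),
               ("open-only flood", flood_connection(1000, reset=False)),
               ("open-and-reset flood", flood_connection(5000, reset=True))]
    for name, raw in samples:
        print(name, check_stream_budget(parse_frames(raw)) or "within budget")
```

Run as a script it prints one line per sample; the open-and-reset case is the one to note, since its peak concurrency is 1 and only the open-count budget catches it. In a real deployment the budget would be a sliding time window per connection and per client IP rather than a per-batch count.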

The talk was accepted to the conference program