How HTTP Compression Leaks Sessions and JWT - CRIME Explained and how HPACK in HTTP/2 fixes this

The Backend Engineering Show with Hussein Nasser - En podcast af Hussein Nasser

Prøv Podimo gratis i 30 dage

Prøv Podimo gratis i 30 dage

Et univers fyldt med hundredvis af eksklusive podcasts & lydbøger, klik her for at prøve

 Annoncering

Kategorier:

Teknologi

In this video we will explore one of the most popular side attacks CRIME Compression Ratio Info-leak Made Easy) and the different ways to mitigate this.   Intro 0:00  * HTTP/1.1 SPDY header compression 4:00* TLS compression  * Response body attackers can’t inject 13:00  * Mitigations  14:10      * HPACK/QPACK      * TLS Padding

Visit the podcast's native language site