HTTP Bombs / Large Payload Post
An HTTP bomb, also known as Large Payload Post, is a class of HTTP DDoS attack. An ‘HTTP bomb’ uses the HTTP POST method to send large, complex POST requests, usually scripted as an XML data structure...

HTTP Request Smuggling (HRS)
HTTP Request Smuggling, also known as HTTP Desync Attacks, is an attack technique for interfering with the way a website processes sequences of HTTP requests that are received from one or more users.

HTTP Request Splitting
HTTP Request Splitting is an attack technique that interferes with the parsing and interpretation of HTTP request messages to split a single HTTP request into multiple unauthorized and malicious HTTP requests to a back-end HTTP agent.

HTTP Response Smuggling
HTTP Response Smuggling is a technique that attackers use to manipulate and inject malicious content, in the form of unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent.

HTTP Response Splitting (CRLF injection)
HTTP Response Splitting refers to an attacker’s ability to send a single HTTP request that forces the web server to form an output stream, which is then interpreted by the target as two HTTP responses instead of one response.

iFrame Injection XSS
An iframe is an HTML webpage that is embedded inside another webpage on a website, allowing for the inclusion of content from external sources, such as advertising, on webpages.

Insecure Application Design
Insecure Application Design refers to the risks related to missing or ineffective design controls and architectural flaws in application development.

Insufficient Logging and Monitoring
Insufficient logging and monitoring refers to a security event not being correctly detected, logged and monitored to ensure adequate and timely response to the incident or breach.