Category

Technical

Deserialisation vulnerabilities are often difficult to exploit. In most cases, you need access to the source code to identify the available classes or libraries used. This allows you to choose a suitable gadget chain or build a new one.

However, access to the source code is not always possible. It generally requires high privileges or the prior exploitation of another vulnerability.

What is a Slow HTTP Attack? Types and Security Best Practices

Denial of Service (DoS) attacks are among the most common attacks on the web. There are many variants. One of them, which is particularly easy to exploit and inexpensive in terms of resources, deserves our attention: Slow HTTP attacks.

In this article, we will explain how a Slow HTTP attack works. We will also look at the main types of attack and the security best practices to prevent them.

What is HTTP Request Smuggling? Exploitations and Security Best Practices

When a client accesses a website, it communicates with the server through the HTTP protocol. Initially text-based, this protocol became binary with HTTP/2, but its operation is still based on TCP.

Each exchange begins with the creation of a connection between the client and the server. With HTTP/1.0, this connection was closed after each request. But with HTTP/1.1, the Keep-Alive mode became the norm, allowing the connection to be kept open for several successive exchanges.