HTTP Request Smuggling in 2020 – New Variants, New Defenses and New Challenges

HTTP Request Smuggling (AKA HTTP Desyncing) is an attack technique invented in 2005 that exploits different interpretations of a stream non-standard HTTP requests among various HTTP devices between the client (attacker) and the server (including the server itself). It can be used to smuggle requests across WAFs and security solutions, poison HTTP caches, inject responses to users and hijack user requests. By Amit Klein Full Abstract & Presentation Materials: https://www.blackhat.com/us-20/briefi...