Why So Quic! Racing And Fuzzing Http3 With Quicdraw Ui

HTTP/3 now powers more than 35% of internet-facing websites; yet the security tooling to test it barely exists. No major interception proxy supports it, and the assumption that QUIC's per-stream multiplexing makes race conditions impossible turns out to be wrong. This session walks through the research journey that challenged that assumption and produced QuicDraw, an open-source tool purpose-built for fuzzing and race condition testing over HTTP/3. This session, led by Maor Abutbul of CyberArk Labs, will cover: How HTTP/3's QUIC transport eliminates TCP head-of-line blocking; How the QUIC-FIN sync technique exploits multiplexing to synchronize bulk request release and trigger server-side race conditions; How QuicDraw and QuicDraw-UI work under the hood, including support for fuzzing, parallel request dispatch and copy-cURL compatibility with existing browser and proxy workflows.