Authors
Pranali Phadtare, Soummya Kulkarni, Shruthi Shunmugom M

About Us
IBM PTC is a proficient internal Security Test Team responsible for vulnerability assessment & ethical
hacking of web, mobile applications & infrastructure.

Abstract

HTTP/2 is an upgraded version of the HTTP 1.1 protocol. HTTP/2 provides various considerable refinements in terms of performance by addressing the prominent issues with HTTP/1.1 protocol. These refinements seems to have incidental impact in terms of security. This article tries to elucidate various functionalities of HTTP/2 and also explains web application related vulnerabilities of HTTP/2, such as Denial of Service attacks and downgrading vulnerabilities. 

Introduction to HTTP Protocol

HyperText Transfer Protocol (HTTP) is a communication protocol used to connect to Web servers on the Internet or on a local network. The primary function of HTTP is to establish a connection with the server and send HTML pages back to the user’s browser.....