HTTP Request Smuggling in the Multiverse of Parsing Flaws

Abstract

HTTP request smuggling is a vulnerability that arises when web servers and proxies interpret the length of a single HTTP request differently. While basic techniques have been known since 2005, renewed research interest in HTTP request smuggling in recent years has uncovered many new bugs in popular web proxies and servers. Nowadays, novel HTTP request smuggling techniques rely on subtle deviations from the HTTP standard. In this talk, Zeyu will discuss some of his recent findings and novel techniques.


Speaker Information


Zhang Zeyu

Zeyu is a passionate information security professional. He holds several industry certifications, such as the OSCP and Burp Suite Certified Practitioner certification. In his free time, he plays cybersecurity Capture the Flag (CTF) competitions with Social Engineering Experts, a team he founded that is now ranked 1st in Singapore and among the top 30 globally on CTFtime. Zeyu primarily specialises in web security, and has conducted vulnerability research featured in industry newsletters such as The Daily Swig. He will be pursuing a degree in Computer Science from the University of Cambridge starting next year.




