Posted by: jasonk2600 | January 6, 2010

Paper: HTTP Digest Integrity

Timothy D. Morgan of VSR has written a short paper on vulnerabilities in HTTP security and recent attacks exploiting them. The paper also discusses using HTTP digest authentication as an additional layer to mitigate such attacks. Click the link below to download the paper.

“Recent history has proven that web communications security is highly lacking in redundancy.  That is, simple breaks in common protocols, such as SSL/TLS or the authentication mechanisms which support it, often lead to catastrophic gaps in security.  Recent examples of this fragile architecture abound, and even when protocols and implementations themselves are sound, research indicates browser user interfaces continue to leave room for serious attacks.

This paper explores how the seldom-used HTTP digest authentication protocol can be used to mitigate certain recent forms of attack, including SSL/TLS renegotiation and some types of HTTP request smuggling.”


