As shown in the OWASP Top Ten, web applications often suffer from vulnerabilities like broken authentication, sensitive data exposure, etc. One source of these vulnerabilities is the semantic gap of the HTTP protocols, e.g., request smuggling, response splitting, and cache poisoning. There already exists a lot of research focusing on HTTP/1.1. However, the newer versions HTTP/2 and HTTP/3 are not yet studied that much.
The task of this thesis is to analyse HTTP/2 and HTTP/3 regarding semantic gap attacks and to develop countermeasures. Possible tasks are:
- Study of vulnerabilities in widespread WAFs/CDNs/Proxies
- Development and evaluation of countermeasures
- Building a test lab environment to evaluate the proposed solution