Security of the HTTP/2 protocol - request smuggling, downgrading, and other threats
The article on PortSwigger presents a detailed analysis of HTTP/2, the modern version of the HTTP protocol used in internet communications. It discusses the key differences between HTTP/1.1 and HTTP/2 and points out the benefits of the new version, such as more efficient handling of multiple requests over a single connection and reduced latency. The author also highlights significant security aspects of implementing the protocol, including attacks that malicious users can carry out. The document further describes in detail techniques for attacking HTTP/2-based web applications, such as Denial of Service (DoS) attacks or header manipulation. The conclusion emphasizes that users and developers need to be aware of the potential threats that come with HTTP/2 despite its many advantages, and that monitoring and testing applications that use the protocol is crucial to securing them against unauthorized access.