Get 20% off all career paths from fullstack to AI
Lead AI-Native Products with Microsoft's Agentic AI Program
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore the potential security vulnerabilities and exploits associated with the HTTP Alternative Services header (Alt-Svc, RFC 7838) in this 33-minute Black Hat conference talk. Delve into how this header, originally introduced in 2013 to improve load balancing, protocol optimizations, and client segmentation, can be manipulated for malicious purposes. Learn about the unintended consequences and potential risks of this well-intentioned feature as presented by David Starobinski, Trishita Tiwari, and Ari Trachtenberg. Gain insights into the security implications of Alt-Svc and understand how it can be abused by attackers to compromise web security.
Syllabus
The Evil Alt-Ego: (ab)using HTTP Alternative Services
Taught by
Black Hat