HTTP/2 Client

Sorry, not available in this language yet

English
日本語
简体中文

AppSec SaaS Platform | Integrated, cloud-based AST solution optimized for development and DevSecOps teams.
AppSec IDE Plug-ins | Secure code as you write it in your IDE
Software Risk Management | Manage application security programs at enterprise scale
DevSecOps Integrations | Integrate AppSec tools into DevOps workflows

Static Analysis (SAST) | Address security and quality defects in code as it's being developed
Software Composition Analysis (SCA) | Secure and manage open source risks in applications and containers
Interactive Analysis (IAST) | Automate web security testing within your DevOps pipelines
Dynamic Analysis (DAST) | Continuous web application security testing in production.
Penetration Testing | Identify business-critical vulnerabilities with on-demand testing expertise.
Protocol Fuzzing | Identify defects and zero-day vulnerabilities in services and protocols

Program Strategy & Planning | Measure, scale, and optimize your AppSec program
Threat & Risk Assessments | Understand and address internal and external security risks
Security Training | Equip development teams with the skills they need to produce more secure software
Implementation & Deployment | Optimize utilization, management and deployment of AppSec tools
Security Testing Services | On-demand AppSec testing resources and expertise

Open Source & Security Audits | Comprehensive technical due diligence services for M&A

AI-generated code | Harness the power of AI coding assistants while managing the risks
API Security Testing | Manage software risks with a holistic API security testing program.
AppSec Consolidation | Simplify your application security program
Application Security Testing | Solutions to address security risks at all stages of the application life cycle.
DevSecOps | Solutions to help shift security left without slowing down your development teams.
Software Supply Chain Security | Solutions to identify and manage software supply chain risks end-to-end.
Manage AppSec Risk | Scale your application security program without increasing complexity or adding friction.
Cloud & Container Security | Optimize your applications for secure deployment and operation in the cloud
Open Source License Compliance | Effective solutions for ensuring open source license compliance
M&A Due Diligence | Identify software risks that could negatively impact the value of acquired IP.
Quality & Security Standards Compliance | Ensure your software complies with the standards critical to customers and regulators

Dev and DevOps Teams | Build secure software while maintaining developer productivity and pipeline velocity.
Security Teams | Align people, processes, and technology to minimize software risk and transform your business.
Legal Teams | Solutions to protect your IP and manage risk.

Financial Services | Protect sensitive customer and financial data from rapidly evolving security threats.
IoT & Embedded | Ensure your embedded and IoT devices are safe, secure, and reliable.
Automotive | Build software security & reliability into the modern connected car.
Telecommunications | Create seamless and safe mobile experiences, from silicon to software.
Aerospace & Defense | Solutions for automating mission-critical development.
Public Sector | Application security for government agencies and their suppliers.
Medical Device | Safeguard medical devices and applications.

HTTP2 Client Test Suite Data Sheet

Test Suite:

HTTP2 Client Test Suite

Direction:

Client

The HTTP2 protocol is a new version of HTTP/1.1 and it contains major changes. For example, where HTTP/1.1 protocol was a textual protocol, the HTTP2 is a binary protocol. Additionally, HTTP2 supports multiple concurrent streams over single TCP stream, its headers are packed and it can be encoded with Huffman encoding. With these changes, faster response time between server and client can be achieved.

Used specifications

Specification

Title

Notes

RFC2068

Hypertext Transfer Protocol -- HTTP/1.1

Only Link header

RFC2617

HTTP Authentication: Basic and Digest Access Authentication

RFC3986

Uniform Resource Identifier (URI): Generic Syntax

RFC4122

A Universally Unique IDentifier (UUID) URN Namespace

Anomaly only

RFC5322

Internet Message Format

FROM header mailbox specification only.

RFC5646

Tags for Identifying Languages

RFC5789

PATCH Method for HTTP

RFC5987

Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters

RFC6265

HTTP State Management Mechanism

Anomaly only

RFC6266

Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)

Anomaly only

RFC6454

The Web Origin Concept

Anomaly only

RFC6797

HTTP Strict Transport Security (HSTS)

Anomaly only

RFC6874

Representing IPv6 Zone Identifiers in Address Literals and Uniform Resource Identifiers

RFC7230

Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing

RFC7231

Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content

RFC7232

Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests

RFC7233

Hypertext Transfer Protocol (HTTP/1.1): Caching

RFC7234

Hypertext Transfer Protocol (HTTP/1.1): Range Requests

RFC7235

Hypertext Transfer Protocol (HTTP/1.1): Authentication

RFC7540

Hypertext Transfer Protocol Version 2 (HTTP/2)

HTTP/2 main specification

RFC7541

HPACK: Header Compression for HTTP/2

RFC7838

HTTP Alternative Services

HTTP/2 Extension

RFC8288

Web Linking

RFC8338

The ORIGIN HTTP/2 Frame

HTTP/2 Extension

RFC8441

Bootstrapping WebSockets with HTTP/2

Anomaly only

MS-HTTP2E

[MS-HTTP2E]: Hypertext Transfer Protocol Version 2 (HTTP/2) Extension - Protocol Version 3

HTTP/2 Extension (Anomaly only)

draft-xie-bidirectional-messaging-02

An HTTP/2 Extension for Bidirectional Message Communication

Tool-specific information

Tested messages

Specifications

Notes

0 - DATA

RFC7540

1 - HEADERS

RFC7540

2 - PRIORITY

RFC7540

3 - RST_STREAM

RFC7540

4 - SETTINGS

RFC7540

5 - PUSH_PROMISE

RFC7540

6 - PING

RFC7540

7 - GOAWAY

RFC7540

8 - WINDOW_UPDATE

RFC7540

9 - CONTINUATION

RFC7540

10 - ALTSVC

RFC7838

HTTP/2 Extension

12 - ORIGIN

RFC8336

HTTP/2 Extension

251 - XHEADERS

draft-xie-bidirectional-messaging-02

HTTP/2 Extension

Supported features

Specification

Notes

HTTP/2 over TCP

RFC7540

HTTP2 over TCP (h2c).

HTTP/2 over TLS

RFC7540

HTTP2 over TLS (h2).

Huffman encoding

RFC7541

HPACK Huffman encoding for HTTP/2 Literal Header values.

Deflate content encoding

RFC1951

DEFLATE compressed data format for HTTP content.

GZIP content encoding

RFC1952

GZIP file format compression method for HTTP content.

Unsupported features

Specification

Notes

HTTP/1.x Upgrade to HTTP/2 connection

RFC7540

Upgrading connection from HTTP/1.x to HTTP/2. Parsing HTTP/1.x messages is not supported.

HPACK Dynamic table memory

RFC7541

Suite doesn't keep track of HPACK dynamic table indexes.

WebSocket connection

RFC8441

Suite doesn't include built-in WebSocket connection initiation or messages during test run.

TLS renegotiation

MS-HTTP2E

TLS renegotiation or initiating alternative connections during the test run.

HTTP authentication mechanisms

RFC6749, RFC5849

Suite doesn't support any dynamic HTTP authentication mechanisms, for example OAuth 2.0.

Supported SafeGuard checks

Notes

Information leakage

Echobleed for Ping.

Unprotected credentials

Secure connection usage.

Test tool general features

Fully automated black-box negative testing
Ready-made test cases
Written in Java(tm)
GUI command line remote interface modes
Instrumentation (health-check) capability
Support and maintenance
Comprehensive user documentation
Results reporting and analysis