< overview
HTTP2 Server Test Suite Data Sheet
Test Suite:
HTTP2 Server Test SuiteDirection:
ServerHypertext Transfer Protocol 2 (HTTP2) is an application-level protocol for distributed, collaborative, hypermedia information systems. This test suite can be used to test HTTP2 Server implementations for security flaws and robustness problems. HTTP2 is successor of HTTP. HTTP2 has similar headers like in HTTP/1.1 but headers have binary packing and values can be Huffman encoded. Biggest changes in HTTP2 compared to HTTP/1.1 is that protocol is binary instead of ASCII and supports multiple streams.
Used specifications
Specification
Title
RFC2068
Hypertext Transfer Protocol -- HTTP/1.1
RFC2617
HTTP Authentication: Basic and Digest Access Authentication
RFC3986
Uniform Resource Identifier (URI): Generic Syntax
RFC5322
Internet Message Format
RFC5646
Tags for Identifying Languages
RFC5987
Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters
RFC6265
HTTP State Management Mechanism
RFC6266
Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)
RFC6797
HTTP Strict Transport Security (HSTS)
RFC6874
Representing IPv6 Zone Identifiers in Address Literals and Uniform Resource Identifiers
RFC7230
Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
RFC7231
Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
RFC7232
Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests
RFC7233
Hypertext Transfer Protocol (HTTP/1.1): Caching
RFC7234
Hypertext Transfer Protocol (HTTP/1.1): Range Requests
RFC7235
Hypertext Transfer Protocol (HTTP/1.1): Authentication
RFC7540
Hypertext Transfer Protocol Version 2 (HTTP/22)
RFC7541
HPACK: Header Compression for HTTP/2
Tool-specific information
Feature
Description
Headers
RFC7540
Settings
RFC7540
Data
RFC7540
Ping
RFC7540
Priority
RFC7540
Window Update
RFC7540
Push Promise
RFC7540
Go Away
RFC7540
Reset Stream
RFC7540
Supported SafeGuard Checks
Information leakage
Remote execution
Test tool general features
- Fully automated black-box negative testing
- Ready-made test cases
- Written in Java(tm)
- GUI command line remote interface modes
- Instrumentation (health-check) capability
- Support and maintenance
- Comprehensive user documentation
- Results reporting and analysis