HTTP2 Server Test Suite Data Sheet
Test Suite:
HTTP2 Server Test Suite
Direction:
Server

Hypertext Transfer Protocol 2 (HTTP2) is an application-level protocol for distributed, collaborative, hypermedia information systems. This test suite can be used to test HTTP2 Server implementations for security flaws and robustness problems. HTTP2 is successor of HTTP. HTTP2 has similar headers like in HTTP/1.1 but headers have binary packing and values can be Huffman encoded. Biggest changes in HTTP2 compared to HTTP/1.1 is that protocol is binary instead of ASCII and supports multiple streams.

Used specifications

Specification
Title
RFC2068

Hypertext Transfer Protocol -- HTTP/1.1

RFC2617

HTTP Authentication: Basic and Digest Access Authentication

RFC3986

Uniform Resource Identifier (URI): Generic Syntax

RFC5322

Internet Message Format

RFC5646

Tags for Identifying Languages

RFC5987

Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters

RFC6265

HTTP State Management Mechanism

RFC6266

Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)

RFC6797

HTTP Strict Transport Security (HSTS)

RFC6874

Representing IPv6 Zone Identifiers in Address Literals and Uniform Resource Identifiers

RFC7230

Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing

RFC7231

Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content

RFC7232

Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests

RFC7233

Hypertext Transfer Protocol (HTTP/1.1): Caching

RFC7234

Hypertext Transfer Protocol (HTTP/1.1): Range Requests

RFC7235

Hypertext Transfer Protocol (HTTP/1.1): Authentication

RFC7540

Hypertext Transfer Protocol Version 2 (HTTP/22)

RFC7541

HPACK: Header Compression for HTTP/2

Tool-specific information

Feature
Description
Headers
RFC7540
Settings
RFC7540
Data
RFC7540
Ping
RFC7540
Priority
RFC7540
Window Update
RFC7540
Push Promise
RFC7540
Go Away
RFC7540
Reset Stream
RFC7540

Supported SafeGuard Checks

Information leakage

Remote execution

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis