Dartmouth Events

Abstract: On the internet today, the web content is not delivered directly by a web server anymore. Instead, additional one or two (sometimes even more) servers such as cache servers, load balancers and CDN servers help the web server for an efficient delivery. As a result, a typical web request goes through a chain of HTTP servers to fetch a content. This increased complexity opens the door to a new wave of attacks, which we collectively refer to as HTTP server chain attacks. These attacks have been demonstrated to have serious consequences on high-profile targets and therefore have received the immediate attention of developers and security teams. However, developers and security teams are not equipped with tools to search for these attack vectors threatening their systems. Our research fills this gap by designing systematic approaches and developing effective tools to enable developers and security teams to proactively and extensively search for HTTP server chain attack vectors.

Bio:Bahruz Jabiyev recently earned his PhD from Northeastern University in Boston where he was doing web and network security research with advisor Engin Kirda.