HTTP2 Client Test Suite Data Sheet
Test Suite: HTTP2 Client Test Suite
Direction: Client

HTTP/2 is a new version of HTTP/1.1 and contains major changes. Where HTTP/1.1 was a textual protocol, HTTP/2 is a binary protocol. HTTP/2 also supports multiple concurrent streams over a single TCP connection, and its header fields are packed (HPACK) and can be Huffman encoded. These changes allow faster response times between server and client.

Used specifications

| Specification | Title | Notes |
|---|---|---|
| RFC2068 | Hypertext Transfer Protocol -- HTTP/1.1 | HPACK header fields (Only Link header) |
| RFC2617 | HTTP Authentication: Basic and Digest Access Authentication | |
| RFC3986 | Uniform Resource Identifier (URI): Generic Syntax | HPACK header fields |
| RFC4122 | A Universally Unique IDentifier (UUID) URN Namespace | HPACK header fields (Anomaly only) |
| RFC5322 | Internet Message Format | HPACK header fields (FROM header mailbox specification only) |
| RFC5646 | Tags for Identifying Languages | HPACK header fields |
| RFC5789 | PATCH Method for HTTP | HPACK header fields |
| RFC5987 | Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters | HPACK header fields |
| RFC6265 | HTTP State Management Mechanism | HPACK header fields (Anomaly only) |
| RFC6266 | Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP) | HPACK header fields (Anomaly only) |
| RFC6454 | The Web Origin Concept | HPACK header fields (Anomaly only) |
| RFC6797 | HTTP Strict Transport Security (HSTS) | HPACK header fields (Anomaly only) |
| RFC6874 | Representing IPv6 Zone Identifiers in Address Literals and Uniform Resource Identifiers | HPACK header fields |
| RFC7230 | Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing | HPACK header fields |
| RFC7231 | Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content | HPACK header fields |
| RFC7232 | Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests | HPACK header fields |
| RFC7233 | Hypertext Transfer Protocol (HTTP/1.1): Caching | HPACK header fields |
| RFC7234 | Hypertext Transfer Protocol (HTTP/1.1): Range Requests | HPACK header fields |
| RFC7235 | Hypertext Transfer Protocol (HTTP/1.1): Authentication | HPACK header fields |
| RFC7540 | Hypertext Transfer Protocol Version 2 (HTTP/2) | HTTP/2 main specification (Obsoleted by RFC9113) |
| RFC7541 | HPACK: Header Compression for HTTP/2 | HPACK main specification |
| RFC7838 | HTTP Alternative Services | HTTP/2 extension |
| RFC8288 | Web Linking | HPACK header fields |
| RFC8338 | The ORIGIN HTTP/2 Frame | HTTP/2 extension |
| RFC8441 | Bootstrapping WebSockets with HTTP/2 | HTTP/2 extension (Anomaly only) |
| RFC9113 | HTTP/2 | HTTP/2 main specification (Obsoletes RFC7540) |
| MS-HTTP2E | [MS-HTTP2E]: Hypertext Transfer Protocol Version 2 (HTTP/2) Extension - Protocol Version 3 | HTTP/2 extension (Anomaly only) |
| draft-xie-bidirectional-messaging-02 | An HTTP/2 Extension for Bidirectional Message Communication | HTTP/2 extension |

Tool-specific information

| Tested messages | Specifications | Notes |
|---|---|---|
| 0 - DATA | RFC9113 | |
| 1 - HEADERS | RFC9113 | |
| 2 - PRIORITY | RFC9113, RFC7540 | |
| 3 - RST_STREAM | RFC9113 | |
| 4 - SETTINGS | RFC9113 | |
| 5 - PUSH_PROMISE | RFC9113 | |
| 6 - PING | RFC9113 | |
| 7 - GOAWAY | RFC9113 | |
| 8 - WINDOW_UPDATE | RFC9113 | |
| 9 - CONTINUATION | RFC9113 | |
| 10 - ALTSVC | RFC7838 | HTTP/2 extension |
| 12 - ORIGIN | RFC8336 | HTTP/2 extension |
| 251 - XHEADERS | draft-xie-bidirectional-messaging-02 | HTTP/2 extension |

| Supported features | Specifications | Notes |
|---|---|---|
| HTTP/2 over TCP | RFC9113 | HTTP/2 over TCP (h2c). |
| HTTP/2 over TLS | RFC9113 | HTTP/2 over TLS (h2). |
| Huffman encoding | RFC7541 | HPACK Huffman encoding for HTTP/2 Literal Header values. |
| Identity content encoding | RFC2616 | Default non-encoded data format for HTTP content. |
| Deflate content encoding | RFC1951 | DEFLATE compressed data format for HTTP content. |
| GZIP content encoding | RFC1952 | GZIP file format compression method for HTTP content. |

| Unsupported features | Specifications | Notes |
|---|---|---|
| HTTP authentication mechanisms | RFC6749, RFC5849 | Suite doesn't support any dynamic HTTP authentication mechanisms, for example OAuth 2.0. |
| HTTP/1.x Upgrade to HTTP/2 connection | RFC7540 | Upgrading connection from HTTP/1.x to HTTP/2. Parsing HTTP/1.x messages is not supported. |
| HPACK Dynamic table memory | RFC7541 | Suite doesn't keep track of HPACK dynamic table indexes. |
| WebSocket frames with HTTP/2 | RFC8441 | Suite doesn't include built-in WebSocket connection initiation or messages during test run. |
| Web applications over HTTP/2 | RFC9113 | Suite doesn't support fuzzing web application specific logic over HTTP/2. |
| TLS renegotiation | MS-HTTP2E | TLS renegotiation or initiating alternative connections during the test run. |

| Supported SafeGuard checks | Notes |
|---|---|
| Information leakage | Echobleed for Ping. |
| Unprotected credentials | Secure connection usage. |

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI, command line, and remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis