Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test for Web cache deception attack #905

Closed
krizhanovsky opened this issue Feb 5, 2018 · 0 comments
Closed

Test for Web cache deception attack #905

krizhanovsky opened this issue Feb 5, 2018 · 0 comments
Assignees
@avbelov23
Labels
security test
Milestone
1.1: TBD

Comments

@krizhanovsky
Copy link
Contributor

krizhanovsky commented Feb 5, 2018
edited
Loading

Implement a functional test using the attack scenario. Tempesta FW must not disregard Cache-Control header, regardless configuration of caching by URI resource suffix. Add the attack description and that we're safe against it to the web security wiki page.

Please develop the test in the new framework.
@krizhanovsky krizhanovsky added this to the 0.10 Kernel-User Space Transport milestone Feb 5, 2018
@krizhanovsky krizhanovsky modified the milestones: 0.10 Kernel-User Space Transport , 0.6 KTLS Mar 22, 2018
@krizhanovsky krizhanovsky modified the milestones: 0.6 KTLS, 0.7 HTTP/2 Jul 15, 2018
@krizhanovsky krizhanovsky modified the milestones: 0.7 HTTP/2, 1.1 QUIC Aug 9, 2018
@krizhanovsky krizhanovsky modified the milestones: 1.1 QUIC, 1.0 Beta, 0.7 HTTP/2 Sep 9, 2018
@krizhanovsky krizhanovsky assigned avbelov23 and unassigned vladtcvs Nov 15, 2018
@avbelov23 avbelov23 mentioned this issue Nov 22, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@avbelov23 avbelov23

Labels
security test
Projects
None yet
Milestone
1.1: TBD
Development

No branches or pull requests
3 participants
@krizhanovsky @vladtcvs @avbelov23