protocol-security
Safeguard articles tagged "protocol-security" — guides, analysis, and best practices for software supply chain and application security.
4 articles
HTTP/2 CONTINUATION Flood: Inside CVE-2024-27316 and the Frame-Based DoS Class
A single TCP connection with no END_HEADERS flag was enough to crash major HTTP/2 servers — worse than Rapid Reset, and it took the industry a decade to check for it.
Hardening HTTP/2 against protocol-level DoS attacks
HTTP/2 Rapid Reset hit Google with 398 million requests per second in 2023 — a single protocol quirk, not a bug in any one server, drove the largest DDoS ever disclosed.
Terrapin SSH protocol downgrade attack explained
Terrapin (CVE-2023-48795) lets an on-path attacker silently strip packets from SSH handshakes. Here's how the downgrade works and how to check exposure.
MCP Server Discovery Protocol Security
MCP server discovery turns a client connection string into a live capability graph. The protocol mechanics that make this convenient also widen the blast radius when discovery is spoofed, tampered with, or silently reshaped mid-session.