HTTP request smuggling is increasingly exploited by hackers in the wild and in bug bounty programs. This post will explain the HTTP request smuggling attack with remediation tips. HTTP request smuggling is an attack technique that abuses how two HTTP devices send requests between each other (typically a front-end proxy or a HTTP-enabled firewall and a backend server) or chaining multiple servers together with different configurations.

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

Bug bounties – some argue that this is one of the buzzwords of the decade in the cybersecurity industry. Whatever you want to label it, it’s a trend that we can’t ignore these days. A lot of companies are taking part in it, so what’s it all about? There were many valuable soundbites to take from this, and especially from podcast guest, Fredrik N. Almroth (@almroot) because he’s hacked all the tech giants and more. If you can name it, he’s probably hacked it.