
PortSwigger Research Sheds Light on HTTP/1.1 Vulnerabilities, Urges Industry Shift Toward Safer Protocols
PortSwigger first brought this class of vulnerabilities to prominence in 2019. Now, new research shows that over 22 million websites – including major household names – have remained susceptible to brand new variants of these attacks. Drawing on six years of research, Kettle is calling on the technology community to recognize that request smuggling is not simply an implementation flaw, but rather an inherent vulnerability in the HTTP/1.1 protocol.
'The time has come to acknowledge that this isn't an issue with individual websites, but a fundamental flaw that's baked into the protocol,' said PortSwigger's Director of Research, James Kettle. 'Over the last six years, the industry has not properly fixed request smuggling. It's time we recognize that we can't patch our way to a secure HTTP/1.1 - the foundation is broken and only safe for the simplest of systems. The only real solution is to cut the problem out at the root by retiring the now decades-old technology that still underpins around 50% of communication between browsers and websites - HTTP/1.1.'
PortSwigger is supporting Kettle's research with a call to action:
Groundbreaking new research – James Kettle's 2025 desync paper demonstrates novel vectors never before seen.
New educational resources – A hands-on Web Security Academy lab teaches the latest request smuggling techniques in a safe environment.
Enhanced Burp Suite tooling – New versions of HTTP Request Smuggler and the brand-new HTTP Stream Hacker allow researchers to test for these issues both manually and through scalable automation.
PortSwigger stands alone in the cybersecurity industry by offering an unparalleled combination of original research, comprehensive training resources, and deeply integrated testing tools. With Burp Suite Professional and Burp Suite DAST, security professionals are uniquely empowered to detect complex infrastructure-level vulnerabilities, including advanced request smuggling variants that often evade traditional scanning solutions.
Through these innovative offerings, PortSwigger is leading the way toward a safer, more secure web.
Read Kettle's research here: https://portswigger.net/research.
PortSwigger is a leading provider of web application security solutions, best known for its industry-leading Burp Suite software. The company is dedicated to equipping security professionals and organizations with the tools and knowledge to stay ahead of evolving cyber threats. Learn more at portswigger.net.