HTTP Attacks

This article is almost six months old but "Detecting and Preventing HTTP Response Splitting and HTTP Request Smuggling Attacks at the TCP Level" is still valid (and interesting).