Insecure HTTP Methods


Description

Insecure HTTP methods other than GET and POST  are enabled on the web server.  The Hypertext Transfer Protocol (HTTP) which is outlined in  RFC 2616 makes available eight methods for web servers. These methods allow additional functionality that an attacker can use to conduct further attacks against the environment and its users. 

Custom Description

Impact

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 

Subscribe here in order to gain access to the AppSec Findings Database

 

Leave a Reply