Insecure HTTP Methods


Insecure HTTP methods other than GET and POST  are enabled on the web server.  The Hypertext Transfer Protocol (HTTP) which is outlined in  RFC 2616 makes available eight methods for web servers. These methods allow additional functionality that an attacker can use to conduct further attacks against the environment and its users. 

Custom Description


Risk Rating


How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas



Subscribe here in order to gain access to the AppSec Findings Database


Leave a Reply