Invalid HTTP Method Usage

invalid-http-method-usage

Invalid HTTP Method Usage describes an attack vulnerability that exploits HTTP requests. The HTTP protocol defines a set of request methods (GET, PUT, TRACE, etc.) to achieve a desired action to be performed on a given resource. When these guidelines aren’t followed, the security of an application is at risk.

For example, GET requests should be idempotent. A GET request should never change the application state, but poorly designed applications will use GET requests to update/delete information on the back-end database.

When used incorrectly, HTTP requests can lead to Invalid HTTP Method Usage attacks, and these can lead to exposures such as Cross-Site Request Forgery, Information Leakage, and accidental damage through crawlers, compromising the integrity of your application.

Additional Resources

HTTP Strict Transport Security
List of Common HTTP Headers
Beware the HTTP Path Parameter in Java

Appsec Platform

WhiteHat Vantage Platform

By Role

By Implementation

Government

By Need

Appsec Platform

WhiteHat Vantage Platform

By Role

By Industry

Government

By Need

Application Security Terminology

Invalid HTTP Method Usage

Additional Resources

Appsec Platform

WhiteHat Vantage Platform

By Role

By Implementation

Government

By Need

LOGIN

Appsec Platform

WhiteHat Vantage Platform

By Role

By Industry

Government

By Need

Application Security Terminology

Invalid HTTP Method Usage

Additional Resources

Application Security Resources

Intelligence-Directed DAST: A Practical Approach to Security Across the SDLC

AppSec Stats Flash

Sign up today for your personalized demo of the Application Security Platform