Glossary
Invalid HTTP Method Usage describes a vulnerability in which an application handles HTTP request methods in ways the protocol does not intend. The HTTP protocol defines a set of request methods (GET, PUT, TRACE, etc.), each indicating the action to be performed on a given resource. When these guidelines aren't followed, the security of an application is at risk.
For example, GET requests should be idempotent. A GET request should never change the application state, but poorly designed applications will use GET requests to update or delete information in the back-end database.
Incorrect use of HTTP methods opens an application to Invalid HTTP Method Usage attacks, which can lead to exposures such as Cross-Site Request Forgery, Information Leakage, and accidental damage through crawlers, compromising the integrity of your application.
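
The state-changing GET described above, next to a version that enforces a per-route method allowlist. This is an added example, not code from the glossary or any real application; the route table, store, and helper names are hypothetical.

```python
from urllib.parse import parse_qs
from wsgiref.util import setup_testing_defaults

# Hypothetical route table: path -> methods the route is allowed to accept.
ROUTES = {"/items": {"GET", "HEAD"}, "/items/delete": {"POST"}}

def make_app(store, enforce_methods):
    """WSGI app over `store` (a set of ids); enforce_methods=False is the flawed design."""
    def app(environ, start_response):
        method, path = environ["REQUEST_METHOD"], environ["PATH_INFO"]
        allowed = ROUTES.get(path)
        if allowed is None:
            start_response("404 Not Found", [("Content-Type", "text/plain")])
            return [b"not found"]
        if enforce_methods and method not in allowed:
            # Reject before any handler logic runs; Allow lists the valid methods.
            start_response("405 Method Not Allowed",
                           [("Allow", ", ".join(sorted(allowed))),
                            ("Content-Type", "text/plain")])
            return [b"method not allowed"]
        if path == "/items/delete":
            item_id = parse_qs(environ.get("QUERY_STRING", "")).get("id", [""])[0]
            store.discard(item_id)  # state change
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [",".join(sorted(store)).encode()]
    return app

def request(app, method, path, query=""):
    """Drive the app with a constructed request; return (status, headers dict)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "QUERY_STRING": query}
    setup_testing_defaults(environ)  # fills in the remaining required WSGI keys
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]

if __name__ == "__main__":
    flawed_store, fixed_store = {"a", "b"}, {"a", "b"}
    flawed = make_app(flawed_store, enforce_methods=False)
    fixed = make_app(fixed_store, enforce_methods=True)
    # The same GET a crawler following a link would send (constructed input).
    print(request(flawed, "GET", "/items/delete", "id=a")[0], sorted(flawed_store))
    print(request(fixed, "GET", "/items/delete", "id=a")[0], sorted(fixed_store))
    print(request(fixed, "POST", "/items/delete", "id=a")[0], sorted(fixed_store))
```

Moving the state change to POST stops crawlers and link prefetchers from triggering it, but the POST route still needs its own anti-CSRF protection.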