HTTP requests can include methods beyond GET and POST. As a penetration tester, it is important to determine which other HTTP verbs (that is, methods) the web server allows. Support for other verbs may disclose sensitive information (for example, TRACE) or allow for a dangerous invocation of application code (for example, DELETE). Let's see how Burp can help test for HTTP verb tampering.
- Title Page
- Copyright and Credits
- Packt Upsell
- Contributors
- Preface
- Getting Started with Burp Suite
- Getting to Know the Burp Suite of Tools
- Configuring, Spidering, Scanning, and Reporting with Burp
- Assessing Authentication Schemes
- Assessing Authorization Checks
- Assessing Session Management Mechanisms
- Assessing Business Logic
- Evaluating Input Validation Checks
- Attacking the Client
- Working with Burp Macros and Extensions
- Implementing Advanced Topic Attacks
- Other Books You May Enjoy
Testing for HTTP verb tampering
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.