WebApp Sec mailing list archives
Re: GET and POST Methods Accepted
From: John GALLET <john.gallet () wanadoo fr>
Date: Thu, 13 Oct 2005 14:40:18 +0200 (CEST)
Hi there,
Do any of you test for this issue - what are your results?
It is so easy (check curl lib for example if you want to send post data in automated scripts) to provide your application with the data the way you want it, be it GET, POST, COOKIE, that it's not even worth bothering checking how it came in. Test the contents of your data, not the way the vars were transmitted. Same goes for anything provided by the client such as referrer for example. HTH JG PS : French speakers might be interested in www.saphirtech.com/securite.html about what's totally useless in terms of security considering how easy to spoof.
Current thread:
- GET and POST Methods Accepted Welsh, Ed (Oct 12)
- Re: GET and POST Methods Accepted Joe Teff (Oct 12)
- Re: GET and POST Methods Accepted christopher baus (Oct 12)
- Re: GET and POST Methods Accepted Stephen de Vries (Oct 13)
- Re: GET and POST Methods Accepted christopher baus (Oct 13)
- Re: GET and POST Methods Accepted Stephen de Vries (Oct 13)
- Re: GET and POST Methods Accepted Damien Watson (Oct 13)
- Re: GET and POST Methods Accepted Serg Belokamen (Oct 13)
- Re: GET and POST Methods Accepted Eoin Keary (Oct 13)
- Re: GET and POST Methods Accepted Amit Klein (AKsecurity) (Oct 13)
- Re: GET and POST Methods Accepted John GALLET (Oct 13)
- Re: GET and POST Methods Accepted Eoin Keary (Oct 13)
- Re: GET and POST Methods Accepted John GALLET (Oct 13)
- Re: GET and POST Methods Accepted Eoin Keary (Oct 13)
- Re: GET and POST Methods Accepted Paul Laudanski (Oct 18)
- <Possible follow-ups>
- RE: GET and POST Methods Accepted Derick Anderson (Oct 13)
- RE: GET and POST Methods Accepted christopher baus (Oct 13)
- RE: GET and POST Methods Accepted Joe Teff (Oct 13)
- RE: GET and POST Methods Accepted christopher baus (Oct 13)
- RE: GET and POST Methods Accepted Derick Anderson (Oct 14)