[Owasp-testing] Bypassing URL Authentication and Authorization with HTTP Verb Tampering
Matteo Meucci
matteo.meucci at gmail.com
Sun Jun 1 20:31:54 EDT 2008
Hi,
as you know Arshan has just released a new interesting paper about
"Bypassing URL Authentication and Authorization with HTTP Verb
Tampering".
He agreed to include this new test in the Testing Guide.
The question is, where can we add this new testing technique?
In the paragraph "Testing for HTTP Methods" or in the
"Authentication/Authorization" section?
I personally think that is a new way to test for HTTP Method
(manipulating the HTTP verb to bypass security controls), but what is
your opinion?
Thanks,
Mat