[Owasp-testing] Bypassing URL Authentication and Authorization with HTTP Verb Tampering
matteo.meucci at gmail.com
Sun Jun 1 20:31:54 EDT 2008
as you know Arshan has just released a new interesting paper about
"Bypassing URL Authentication and Authorization with HTTP Verb
He agreed to include this new test in the Testing Guide.
The question is, where we can add this new testing technique?
In the paragraph: "Testing for HTTP Methods" or in
I personally think that is a new way to test for HTTP Method
(manipulating the HTTP verb to bypass security controls), but what is
More information about the Owasp-testing