Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.

Tuesday, September 6, 2011

Discover HTTP Methods supported by your Web Server

Before performing an HTTP method exploitation test, you should have complete knowledge of all the methods that are currently supported by your web server. To find out, you can use the OPTIONS HTTP method, which will show the list of methods allowed on your web server. To perform this test, follow the steps below:


First, open the command prompt and type the command below:

telnet www.TargetApplication.com 80

OPTIONS / HTTP/1.1
Host: www.TargetApplication.com


In response, you will get the HTTP response header below from the server:

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Tue, 06 Set 2011 04:32:03 GMT
Connection: close
Allow: GET, HEAD, POST, TRACE, OPTIONS, PUT, DELETE
Content-Length: 0


From this HTTP response header, it is clear that the "GET, HEAD, POST, TRACE, OPTIONS, PUT, DELETE" methods are currently supported by your web server.
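
The check above as a script, added here as an example and not part of the original post: it parses the Allow header of an OPTIONS response and reports methods outside a baseline. The EXPECTED baseline and the function names are assumptions; SAMPLE is constructed from the response shown above.

```python
import http.client
import sys

# Assumption: methods this site is expected to need; anything else is reported.
EXPECTED = {"GET", "HEAD", "POST", "OPTIONS"}

# Constructed sample: the response shown in the post, as raw text.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/5.0\r\n"
    "Connection: close\r\n"
    "Allow: GET, HEAD, POST, TRACE, OPTIONS, PUT, DELETE\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def allowed_methods(raw_response):
    """Return the set of methods listed in Allow headers of a raw response."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    methods = set()
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "allow":  # header names are case-insensitive
            methods.update(m.strip().upper() for m in value.split(",") if m.strip())
    return methods


def unexpected_methods(methods, expected=EXPECTED):
    """Methods advertised by the server that are outside the baseline, sorted."""
    return sorted(set(methods) - set(expected))


def query_options(host, port=80, path="/"):
    """Send OPTIONS to your own server and return the advertised methods."""
    conn = http.client.HTTPConnection(host, port, timeout=10)
    try:
        conn.request("OPTIONS", path)  # http.client adds the Host header
        resp = conn.getresponse()
        resp.read()
        values = resp.headers.get_all("Allow") or []
    finally:
        conn.close()
    return {m.strip().upper() for v in values for m in v.split(",") if m.strip()}


if __name__ == "__main__":
    methods = query_options(sys.argv[1]) if len(sys.argv) > 1 else allowed_methods(SAMPLE)
    print("Allow:", ", ".join(sorted(methods)))
    print("Outside baseline:", ", ".join(unexpected_methods(methods)) or "none")
```

The Allow header is only what the server advertises, so confirm each reported method against the server configuration before treating it as enabled or disabled.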
