[NF-767] TSR Integration -> Security Issue -> Response Code after HTTP method fuzzing - Workterra Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: High
Resolution: Won't Do
Affects Version/s: None
Fix Version/s: None
Component/s: Integrations
Labels:
None

Module:
Platform - Security
Reported by:
Harbinger
Item State:
Stage QA - Production Deployment on Hold
Issue Importance:
Q2

Dev Estimates:
12
Code Reviewed By:

Vijayendra Shinde

Description

HTTP Method Fuzzing
An HTTP Method Fuzzing Scan attempts to use other HTTP verbs (methods) than those defined in an API. For instance, if you have defined GET and POST, it will send requests using the DELETE and PUT verbs, expecting an appropriate HTTP error response and reporting alerts if it doesn't receive it.
Sometimes, unexpected HTTP verbs can overwrite data on a server or get data that shouldn't be revealed to clients.
Alert Reported for PUT, PATCH, DELETE,POST methods:
Valhttps://workterra.atlassian.net/browse/NF-767#id HTTP Status Codes: Response status code:400 is not in acceptable list of status codes

APIs :
• Show Tours in Company
GET https://stage.workterra.net/api/tours/getTours
• Add Employee and Assign Tour
POST https://stage.workterra.net/api/employee/addEmployeeTour

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

Pass_Local.JPG
69 kB
10/Aug/17 08:52 AM

Activity

People

Assignee:: Kunal Kedari (Inactive)

Reporter:: Prasad Pise (Inactive)

Developer:: Saurabh Sablaka (Inactive)

QA:: Prasad Pise (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 31/Mar/17 07:55 AM

Updated:: 15/Dec/20 02:40 AM

Resolved:: 22/Mar/18 12:05 PM

Dev Due Date:: 16/May/2017

Pre-Prod Due Date:: 07/Aug/2017

Production Due Date:: 17/Aug/2017

Code Review Date:: 17/May/2017

Time Tracking

Estimated:

12h

Remaining:

Logged: