This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Testing for HTTP Incoming requests (OTG-INPVAL-017)"

From OWASP
Jump to: navigation, search
(Summary)
(Test Objectives)
Line 3: Line 3:
  
 
== Test Objectives ==
 
== Test Objectives ==
 +
1. Monitor all incoming and outgoing http requests to the Web Server to inspect any suspicious requests.
 +
2. Monitor http traffic without changes of end user Browser proxy or client-side application.
  
 
== How to Test ==
 
== How to Test ==

Revision as of 22:51, 9 April 2016

Summary

This section describes how to monitor all incoming/outgoing http requests on both client or web server side. The purpose of this testing is to verify if there is unnecessary or suspicious http request sending in the background.

Test Objectives

1. Monitor all incoming and outgoing http requests to the Web Server to inspect any suspicious requests. 2. Monitor http traffic without changes of end user Browser proxy or client-side application.

How to Test

Tools

References