Method Tampering
Understanding the Security Risks of Method Tampering
Prevent Method Tampering EffectivelyTable of Contents
What is method tampering?
Method tampering (aka verb tampering and HTTP method tampering) is an attack against authentication or authorization systems that have implicit "allow all" settings in their security configuration. This type of attack takes advantage of vulnerabilities in HTTP verb authentication (also known as HTTP method authentication) and access control mechanisms.
HTTP provides a list of methods that can be used to perform specific actions. In the list of HTTP methods, GET and POST are most commonly used by developers to access information provided by a web server. But HTTP also provides several other methods and many of these can pose a critical security risk for a web application, as they allow an attacker to modify the files stored on the web server, delete a web page on the server, and upload a web shell to the server, which can lead to the theft of user credentials.
Contrast is the clear customers’ choice
Contrast is named a Customers’ Choice in the 2021 Gartner Peer Insights “Voice of the Customer”: Application Security Testing report. With the highest percentage of 5-star ratings, this is the third consecutive year Contrast has received this powerful endorsement from customers.
Built for Developers. Trusted by Security.
Learn Secure Code
CROSS SITE SCRIPTING (XSS)
Learn about Cross site scripting (XSS) and how it affects your Java source code
SQL INJECTION
Learn about SWL injection and how it affects your Java source code
CLIENT SIDE INJECTION
Learn about client-side injection and how it can affect your source code