![]() ![]() Since there is no RFC standard specifying how a web server should respond to multiple parameters, and every web server technology can define the default behavior. HTTP parameter pollution tests how the applications responds to multiple parameters with the same name. Verify that the application has defenses against HTTP parameter pollution attacks, particularly if the application framework makes no distinction about the source of request parameters (GET, POST, cookies, headers, or environment variables).
0 Comments
Leave a Reply. |