HTTP verb misconfiguration

Can anyone suggest measures for how we can prevent HTTP verb tampering in a web application when we have GET, POST methods implemented in our web applications?
There's a page here, maintained by the Open Web Application Security Project, on testing for HTTP verb tampering. Basically, you use a utility to send a request using each method (a.k.a. verb), and check that the request is handled safely. The key point made on that page is:
Although each HTTP method can potentially return different results, there is only a single valid result for all methods other than GET and POST. The web server should either ignore the request or return an error. Any other response indicates a test failure, as the server is responding to methods/verbs that are unnecessary. These methods should be disabled.
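The check described in the answer above, as an added example that is not part of the original answer or of the OWASP page: it sends one request per verb and flags any verb other than GET and POST that gets a non-error response. The `Strict` and `Lax` handlers, the made-up verb `JEFF`, and the throwaway local server are constructed for illustration; against a real deployment, call `probe()` with your own application's host and port.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

ALLOWED = {"GET", "POST"}  # the only verbs the application implements
# "JEFF" is a made-up verb that catches handlers accepting any method name.
PROBES = ["GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE", "PATCH", "JEFF"]

def probe(host, port, path="/"):
    """Send one request per verb; return {verb: status, or None if dropped}."""
    results = {}
    for verb in PROBES:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        try:
            conn.request(verb, path)
            results[verb] = conn.getresponse().status
        except (OSError, http.client.HTTPException):
            results[verb] = None  # request ignored or connection closed
        finally:
            conn.close()
    return results

def failures(results):
    """Verbs outside ALLOWED that were answered with anything but an error."""
    return sorted(v for v, s in results.items()
                  if v not in ALLOWED and s is not None and s < 400)

class Strict(BaseHTTPRequestHandler):  # constructed app: GET and POST only
    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_POST = do_GET
    log_message = lambda self, *args: None  # keep the demo quiet

class Lax(Strict):  # constructed misconfiguration: extra verbs served like GET
    do_PUT = do_DELETE = do_JEFF = Strict.do_GET

def check(handler):
    """Probe a throwaway local server built from `handler`; return failures."""
    with HTTPServer(("127.0.0.1", 0), handler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return failures(probe("127.0.0.1", server.server_port))
        finally:
            server.shutdown()

if __name__ == "__main__":
    print("strict:", check(Strict), "lax:", check(Lax))
```

An empty list means every verb other than GET and POST was rejected or ignored; any verb listed should be disabled on the server.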