Why is GET HTTP Request Method Unsuitable for Dealing With Sensitive Data?

Why is GET HTTP Request Method Unsuitable for Dealing With Sensitive Data?
May 19 10:00 2015 Print This Article

Functional testing, security testing, usability testing and other types of checking web, mobile and desktop software products differ due to specificities of web, mobile and desktop technologies.

Carrying out security testing of a web application, one should verify whether it is possible to fish out sensitive data by means of URL manipulations.

It is known that web software products mostly use GET and POST methods of HTTP requests for data exchange between a user machine and the server.

Specialists in manual and automated testing of web software security say that it isn’t recommended to utilize GET requests for work with sensitive data.

software testing company

Security Drawbacks of GET Request Method Are:

  • it is possible to catch a GET request;
  • GET requests are saved in the web browser history;
  • one can bookmark a GET request.

Cyber-attackers can take advantage of these GET request features and steal or damage users’ financial, personal data or another kind of sensitive business or private data.

Verifying safety of data transferring test engineers should act like hackers. In course of penetration testing one can try to capture and alter data sent to the server and received from the server. If the application behavior during such attacks is unpredictable, it is necessary to report and correct this security defect.

Related Posts:

About Article Author

view more articles
Nataliia Vasylyna
Nataliia Vasylyna

View More Articles