GET HTTP Request Method and Sensitive Data

May 19 10:00 2015

Functional testing, security testing, usability testing and other types of testing differ for web, mobile and desktop software products because of the specifics of each technology.

When carrying out security testing of a web application, one should verify whether sensitive data can be extracted by manipulating URLs.

Web software products mostly use the GET and POST HTTP request methods to exchange data between a user's machine and the server.

Specialists in manual and automated testing of web software security say that using GET requests to work with sensitive data is not recommended.

Security Drawbacks of the GET Request Method:

  • a GET request can be intercepted;
  • GET requests are saved in the web browser history;
  • a GET request can be bookmarked.

Cyber-attackers can take advantage of these GET request features to steal or damage users' financial or personal data, or other kinds of sensitive business or private data.

To verify that data is transferred safely, test engineers should act like hackers. In the course of penetration testing, one can try to capture and alter data sent to the server and received from the server. If the application behaves unpredictably during such attacks, this security defect must be reported and corrected.
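
One way a tester can check for this defect from the server side, as an added example that is not part of the original article: the URL of a GET request, query string included, is normally written to the web server's access log, so the script below scans log lines for GET requests that carry sensitive parameters and reports them with the values redacted. The log format (Common/Combined Log Format), the `SENSITIVE` name list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed list of parameter names treated as sensitive; adjust per application.
SENSITIVE = {"password", "passwd", "pwd", "token", "access_token", "api_key",
             "ssn", "card", "card_number", "cvv", "session", "sessionid", "email"}

# Request part of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def find_sensitive_get(lines):
    """Return one finding per GET request whose query string carries a sensitive parameter."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m or m.group("method") != "GET":
            continue  # POST bodies are not part of the logged URL
        parts = urlsplit(m.group("target"))
        # keep_blank_values: "token=" with an empty value is still a design defect
        params = parse_qsl(parts.query, keep_blank_values=True)
        hits = sorted({k for k, _ in params if k.lower() in SENSITIVE})
        if hits:
            # Never copy the secret into the report: redact sensitive values
            redacted = "&".join(
                f"{k}=<redacted>" if k.lower() in SENSITIVE else f"{k}={v}"
                for k, v in params)
            findings.append({"line": lineno, "path": parts.path,
                             "params": hits,
                             "redacted": f"{parts.path}?{redacted}"})
    return findings


# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '203.0.113.7 - - [19/May/2015:10:00:01 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [19/May/2015:10:00:05 +0000] "POST /login HTTP/1.1" 302 0',
    '203.0.113.9 - - [19/May/2015:10:01:12 +0000] "GET /search?q=shoes&page=2 HTTP/1.1" 200 2048',
    '203.0.113.9 - - [19/May/2015:10:02:30 +0000] "GET /reset?Token=abc123&lang=en HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    for f in find_sensitive_get(SAMPLE_LOG):
        print(f"line {f['line']}: {f['redacted']} (sensitive: {', '.join(f['params'])})")
```

Each finding is a candidate defect report: the same data should travel in a POST body instead of the URL.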

About Article Author

Nataliia Vasylyna