[WEB SECURITY] Bypassing URL Authentication and Authorization with HTTP Verb Tampering

Martin O'Neal martin.oneal at corsaire.com
Thu May 29 10:25:44 EDT 2008

Ok, so you've changed your mind then; the HEAD-redirect-to-GET isn't
anything unique. 

Which leaves you with making people aware of the problems with
implicit-allow rules.  Which is old news.  Which is where we started


Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn

More information about the websecurity mailing list