Updating intrusion detection report

Read more about why application logging is the way to go.

Some resources may allow both GET and POST methods e.g.

Links from third party sites/services may include additional parameters (e.g. Additional cookies headers may be added by other applications or by third parties such as advertisers, and there may be very little control over these. Example 5: A URL path parameter with the same name as a form parameter is sent with the request.

Additional HTTP headers may be added by intermediate network devices (e.g. Example 1: Additional form or URL parameters submitted with request (e.g. Example 2: A parameter is defined more than once in the URL Query String. Cross references: Example 1: The user submits a form field with more characters than the form's maxlength attribute and client-side validation would allow.

Duplicated parameters may be an indication of attempted HTTP parameter pollution.

Note: source port number should not be used in checks since this usually changes very frequently.

Example 1: User A's session is compromised and User B begins using the account.

Users may be confused between a username, customer identification code and their account number, or even between offline and online identifiers. Mis-typing might add a character like "]" or "#" if these are adjacent to the ENTER/CR key.
