http-trace – WindowsTechs.com

Why if a server response contain both Public: TRACE and Allow: TRACE then responds with 405 NOT allowed?

Posted on October 29, 2020 by Maicake

SCENARIO:
I’m testing a web application. To test if TRACE is enabled I used both
nmap –script http-methods target.com

and
curl -k -i -X OPTIONS target.com

After running the former I get
443/tcp open https
| http-methods:
| Supporte… Continue reading Why if a server response contain both Public: TRACE and Allow: TRACE then responds with 405 NOT allowed?→

Is Using SSL secure enough to post request login credentials to my backend server?

Posted on May 13, 2020 by atahanksy

I hope everyone is doing okay.

I’ve built a React.js website which is hosted in a server with SSL, but I’m not sure whether it’s secure or not. That’s why I decided to ask you for some advice/tips or solutions that will make my website se… Continue reading Is Using SSL secure enough to post request login credentials to my backend server?→

Is it still possible to use HTTP TRACE for XSS in modern Web Browsers?

Posted on August 23, 2019 by Awaaaaarghhh

Let’s assume we are talking about top 10 most used web browsers: Usage share of web browsers

https://www.cgisecurity.com/questions/httptrace.shtml

‘TRACE’ is a HTTP request method used for debugging which echo’s back
input back … Continue reading Is it still possible to use HTTP TRACE for XSS in modern Web Browsers?→