Hi,
I'm new to ReadyAPI, and I would like to know if it is typical to receive a 404 (Not Found) error when running HTTP method fuzzing security test? Is this normal.
The tests don't fail, they all pass. That doesn't make sense to me.
Please enlighten me.
Thank you.
if you are fuzzing API path or path parameters, HTTP 404 Not Found can be the correct answer.
Let's use BankGround API as an example:
Similarly, If you are fuzzing the request body, you should usually get 400 or 422 response, etc.
I hope it helps.
Hi Karel,
Thank you for getting back to me.
I am HTTP fuzzing a GET request, but (as I'm sure you know) there are different methods being tested,
Having worked with HTTP for many years, it just took a little thought to come to the conclusion that what I am seeing in the response is acceptable for each method.
This link provides me with information about the various HTTP codes that exist https://www.restapitutorial.com/httpstatuscodes.html with descriptions about what each code means.
In today's run I see 404 for a number of responses and a couple of 415s for a PUT and a POST. The PUT resulted in a Warning after 26ms, and the POST resulted in a PASS after 2734ms.
It would be nice if I could see the entire response code with the method included, but I don't think that is possible in ReadyAPI. Is it possible?
you can see the request (with the HTTP method) and response details; see the following screenshot.
