Ask a Question

HTTP Method Fuzzing - 404 error

Occasional Contributor

HTTP Method Fuzzing - 404 error



I'm new to ReadyAPI, and I would like to know if it is typical to receive a 404 (Not Found) error when running HTTP method fuzzing security test? Is this normal.

The tests don't fail, they all pass. That doesn't make sense to me.

Please enlighten me.

Thank you.


Super Contributor


if you are fuzzing API path or path parameters, HTTP 404 Not Found can be the correct answer.


Let's use BankGround API as an example:

  • We have GET /accounts/{account_id} path
  • If you use the existing account_id, which belongs to your user, you will get HTTP 200 and a response body.
  • If you use fuzzy string, you should get HTTP 404 (resource does not exist) or HTTP 400 (incorrect parameter format).

Similarly, If you are fuzzing the request body, you should usually get 400 or 422 response, etc.


I hope it helps.
Occasional Contributor

Hi Karel,

Thank you for getting back to me.

I am HTTP fuzzing a GET request, but (as I'm sure you know) there are different methods being tested,

Having worked with HTTP for many years, it just took a little thought to come to the conclusion that what I am seeing in the response is acceptable for each method.

This link provides me with information about the various HTTP codes that exist with descriptions about what each code means.

In today's run I see 404 for a number of responses and a couple of 415s for a PUT and a POST. The PUT resulted in a Warning after 26ms, and the POST resulted in a PASS after 2734ms.

It would be nice if I could see the entire response code with the method included, but I don't think that is possible in ReadyAPI. Is it possible?



you can see the request (with the HTTP method) and response details; see the following screenshot.


Occasional Contributor

Have you worked with Smart Assertion?

If you have, then do you know how to restore Received Metadata?

I removed the information without copying the information down before removal. 

Showing results for 
Search instead for 
Did you mean: