mikefrank1
Occasional Contributor
Joined 3 years ago
User Profile
User Widgets
Contributions
Detailed Security Log Results for RESTFUL API
When I run a Security Scan, such as Cross Site Scripting, I'm not finding a detailed log for each test. I find a summary for each test indicating that a pass or fail was the result, but no details about each test. I tried generating different types of logs, but none of them meet the criteria that I am seeking. So, let's say that one of my security scans looks like this --> ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'> I'm not seeing that scan and the results in a log. How do I generate detailed log results/479Views0likes1CommentRe: HTTP Method Fuzzing - 404 error
Hi Karel, Thank you for getting back to me. I am HTTP fuzzing a GET request, but (as I'm sure you know) there are different methods being tested, Having worked with HTTP for many years, it just took a little thought to come to the conclusion that what I am seeing in the response is acceptable for each method. This link provides me with information about the various HTTP codes that exist https://www.restapitutorial.com/httpstatuscodes.html with descriptions about what each code means. In today's run I see 404 for a number of responses and a couple of 415s for a PUT and a POST. The PUT resulted in a Warning after 26ms, and the POST resulted in a PASS after 2734ms. It would be nice if I could see the entire response code with the method included, but I don't think that is possible in ReadyAPI. Is it possible?636Views0likes2CommentsHTTP Method Fuzzing - 404 error
Hi, I'm new to ReadyAPI, and I would like to know if it is typical to receive a 404 (Not Found) error when running HTTP method fuzzing security test? Is this normal. The tests don't fail, they all pass. That doesn't make sense to me. Please enlighten me. Thank you.730Views0likes4Comments