search for: carettoni

Today there was a posting by Stefano di Paola to the Web Security Mailing List, http://www.webappsec.org/lists/websecurity about "HTTP Parameter Pollution", with a reference to his and Luca Carettoni presentation at http://www.owasp.org/images/b/ba/AppsecEU09_CarettoniDiPaola_v0.8.pdf The point is that different web servers/backends behave differently when handling requests such as GET /foo?par1=val1&par1=val2 HTTP/1.1 User-Agent: Mozilla/5.0 Host: Host Accept: */*...