HTTP Server Suite Data Sheet
Test Suite: HTTP Server Suite
Direction: Server

Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. This test suite can be used to test HTTP Server implementations for security flaws and robustness problems.

Used specifications

Specification                        Title
RFC850                               Standard for Interchange of USENET Messages
RFC1123                              Requirements for Internet Hosts - Application and Support
RFC1808                              Relative Uniform Resource Locators
RFC1945                              Hypertext Transfer Protocol -- HTTP/1.0
RFC2068                              Hypertext Transfer Protocol -- HTTP/1.1
RFC2109                              HTTP State Management Mechanism
RFC2396                              Uniform Resource Identifiers (URI): Generic Syntax
RFC2616                              Hypertext Transfer Protocol -- HTTP/1.1
RFC2617                              HTTP Authentication: Basic and Digest Access Authentication
RFC2743                              Generic Security Service Application Program Interface Version 2, Update 1
RFC2965                              HTTP State Management Mechanism
RFC3986                              Uniform Resource Identifier (URI): Generic Syntax
RFC4178                              The Simple and Protected Generic Security Service Application Program Interface (GSS-API) Negotiation Mechanism
RFC5322                              Internet Message Format
RFC5843                              Additional Hash Algorithms for HTTP Instance Digests
RFC5861                              HTTP Cache-Control Extensions for Stale Content
RFC5987                              Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters
RFC5988                              Web Linking
RFC6265                              HTTP State Management Mechanism
RFC6266                              Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)
RFC7230                              Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
RFC7231                              Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
RFC7232                              Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests
RFC7233                              Hypertext Transfer Protocol (HTTP/1.1): Caching
RFC7234                              Hypertext Transfer Protocol (HTTP/1.1): Range Requests
RFC7235                              Hypertext Transfer Protocol (HTTP/1.1): Authentication
RFC7615                              HTTP Authentication-Info and Proxy-Authentication-Info Response Header Fields
RFC7616                              HTTP Digest Access Authentication
RFC7617                              The 'Basic' HTTP Authentication Scheme
draft-hixie-thewebsocketprotocol-35  The Web Socket protocol
MS-NLMP                              NT LAN Manager (NTLM) Authentication Protocol Specification
MS-SPNG                              Simple and Protected Generic Security Service Application Program Interface Negotiation Mechanism (SPNEGO) Protocol Extensions

Tool-specific information

Tested messages           Notes  Specifications
GET                              RFC2616
OPTIONS                          RFC2616
HEAD                             RFC2616
POST                             RFC2616
PUT                              RFC2616
DELETE                           RFC2616
TRACE                            RFC2616
CONNECT                          RFC2616
LINK                             RFC1945
UNLINK                           RFC1945
The Web Socket Handshake         draft-hixie-thewebsocketprotocol-35

Supported SafeGuard Checks

Unprotected credentials

Remote Execution

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI, command line and remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis