Synopsys Software Integrity Group is now operating as Black Duck Software, Inc., a subsidiary of Synopsys. Click to learn more.

close search bar

Sorry, not available in this language yet

close language selection
HTTP Server Test Suite Data Sheet
Test Suite:
HTTP Server Test Suite
Direction:
Server

Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. This test suite can be used to test HTTP Server implementations for security flaws and robustness problems.

Used specifications

Specification
Title
Notes
RFC850
Standard for Interchange of USENET Messages
RFC1123
Requirements for Internet Hosts - Application and Support
RFC1808
Relative Uniform Resource Locators
RFC1945
Hypertext Transfer Protocol -- HTTP/1.0
RFC2068
Hypertext Transfer Protocol -- HTTP/1.1
RFC2109
HTTP State Management Mechanism
RFC2396
Uniform Resource Identifiers (URI): Generic Syntax
RFC2616
Hypertext Transfer Protocol -- HTTP/1.1
RFC2617
HTTP Authentication: Basic and Digest Access Authentication
RFC2743
Generic Security Service Application Program Interface Version 2, Update 1
RFC2965
HTTP State Management Mechanism
RFC3986
Uniform Resource Identifier (URI): Generic Syntax
RFC4178
The Simple and Protected Generic Security Service Application Program Interface (GSS-API) Negotiation Mechanism
RFC5322
Internet Message Format
RFC5843
Additional Hash Algorithms for HTTP Instance Digests
RFC5861
HTTP Cache-Control Extensions for Stale Content
RFC5987
Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters
RFC5988
Web Linking
RFC6265
HTTP State Management Mechanism
RFC6266
Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)
RFC7230
Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
RFC7231
Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
RFC7232
Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests
RFC7233
Hypertext Transfer Protocol (HTTP/1.1): Caching
RFC7234
Hypertext Transfer Protocol (HTTP/1.1): Range Requests
RFC7235
Hypertext Transfer Protocol (HTTP/1.1): Authentication
RFC7615
HTTP Authentication-Info and Proxy-Authentication-Info Response Header Fields
RFC7616
HTTP Digest Access Authentication
RFC7617
The 'Basic' HTTP Authentication Scheme
draft-hixie-thewebsocketprotocol-35
The Web Socket protocol
MS-NLMP
NT LAN Manager (NTLM) Authentication Protocol Specification
MS-SPNG
Simple and Protected Generic Security Service Application Program Interface Negotiation Mechanism (SPNEGO) Protocol Extensions

Tool-specific information

Tested messages
Specifications
Notes
GET
RFC2616
OPTIONS
RFC2616
HEAD
RFC2616
POST
RFC2616
PUT
RFC2616
DELETE
RFC2616
TRACE
RFC2616
CONNECT
RFC2616
LINK
RFC1945
UNLINK
RFC1945
The Web Socket Handshake
draft-hixie-thewebsocketprotocol-35

Supported features
Specifications
Notes
HTTP over TCP
RFC7230
HTTP over TCP (HTTP).
HTTP over TLS
RFC7230, RFC2818
HTTP over TLS (HTTPS).
Basic Authentication
RFC2617
HTTP Basic Authentication mechanism.
Digest Access Authentication
RFC2617
HTTP Digest Access Authentication mechanism.
Deflate content encoding
RFC1951
DEFLATE compressed data format for HTTP content.
GZIP content encoding
RFC1952
GZIP file format compression method for HTTP content.

Unsupported features
Specifications
Notes
WebSocket frames
draft-hixie-thewebsocketprotocol-35
Suite doesn't support WebSocket connection initiation or frames during test run.
Web applications over HTTP
N/A
Suite doesn't support fuzzing web application specific logic over HTTP.
Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis