<div>
<div class="content wysiwyg-content">
1) Can I ask what the security impact of having HTTP PUT and HTTP DELETE on a server are? Can you provide a technical impact of what this may cause and a business impact of what (if exploited) this may cause? <br />
<br />
2) What’s “at risk”, is it the availability of the server, or is it the data housed on the server/being pulled from the backend DB? I.e. how does the evidence of HTTP PUT compare to a SQL-injection flaw? <br />
<br />
3) Is HTTP PUT and HTTP DELETE disabled in IIS? Is there a default on why HTTP commands are allowed and/denied? Are by default HTTP PUT and DELETE allowed? <br />
<br />
4) Should these be disabled during the servers build phase?<br />
<br />
5) Is there any genuine reason why they would be enabled? I.e. any sort of web app that would rely on them?
</div>
</div>


1) Can I ask what the security impact of having HTTP PUT and HTTP DELETE on a server are? Can you provide a technical impact of what this may cause and a business impact of what (if exploited) this may cause? 

2) What’s “at risk”, is it the availability of the server, or is it the data housed on the server/being pulled from the backend DB? I.e. how does the evidence of HTTP PUT compare to a SQL-injection flaw? 

3) Is HTTP PUT and HTTP DELETE disabled in IIS? Is there a default on why HTTP commands are allowed and/denied? Are by default HTTP PUT and DELETE allowed? 

4) Should these be disabled during the servers build phase?

5) Is there any genuine reason why they would be enabled? I.e. any sort of web app that would rely on them?

HTTP PUT and DELETE

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

SSL / HTTPS

HTML (HyperText Markup Language) is the main markup language for creating web pages and other information to be displayed in a web browser, providing both the structure and content for what is sent from a web server through the use of tags. The current implementation of the HTML specification is HTML5.

HTML

Web development can range from developing the simplest static single page of plain text to the most complex web-based internet applications, electronic businesses, and social network services using a wide variety of languages and standards, including the familiar HTML, JavaScript and jQuery, ASP and ASP.NET, PHP, ColdFusion, CSS, PHP, Flex and Flash, but also the implementation of a broad list of standards including XML, WSDL, SSDL, VoiceXML and many more.