Assets
—
Here you’ll be able to find a bunch of useful links and sample code/requests to use when testing.
Check for Malicious Code Injections in in-app browsers
HTTP Request XSL sample
<HTTPRequest> <Credential> <Attributes/> </Credential> <RequestLine> <Method>GET</Method> <URI>/app/home?TAM_OP=logout&URL=/app</URI> <Version>HTTP/1.1</Version> </RequestLine> <Scheme>http</Scheme> <Headers> <Header name="host">ibm.com</Header> <Header name="referer">https://dev.ibm.com/</Header> <Header name="user-agent">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0</Header> </Headers> <Cookies> <Cookie name="PD_STATEFUL">app</Cookie> </Cookies> </HTTPRequest>
HTTP Response XSL Sample
<HTTPResponse> <Credential> <Attributes/> </Credential> <ResponseLine> <Version>HTTP/1.1</Version> <StatusCode>302</StatusCode> <Reason>Found</Reason> </ResponseLine> <Headers> <Header name="content-language">en-US</Header> <Header name="content-type">text/plain</Header> <Header name="location">http://dev.ibm.com/login</Header> </Headers> <Cookies/> <HTTPRequest> <Credential> <Attributes/> </Credential> <RequestLine> <Method>GET</Method> <URI>/app/home?TAM_OP=login&USERNAME=unauthenticated&ERROR_CODE=0x00000000</URI> <Version>HTTP/1.1</Version> </RequestLine> <Scheme>http</Scheme> <Headers> <Header name="host">ibm.com</Header> <Header name="referer">https://dev.ibm.com/</Header> <Header name="user-agent">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0</Header> </Headers> <Cookies> <Cookie name="PD_STATEFUL">app</Cookie> </Cookies> </HTTPRequest> </HTTPResponse>