ASVS Requirement 4.1.4

• Level: 3
• Chapter: V4 API and Web Service
• Section: V4.1 Generic Web Service Security
• Source: 0x13-V4-API-and-Web-Service.md

Description

Verify that only HTTP methods that are explicitly supported by the application or its API (including OPTIONS during preflight requests) can be used and that unused methods are blocked.