ASVS Requirement 4.2.2

• Level: 3
• Chapter: V4 API and Web Service
• Section: V4.2 HTTP Message Structure Validation
• Source: 0x13-V4-API-and-Web-Service.md

Description

Verify that when generating HTTP messages, the Content-Length header field does not conflict with the length of the content as determined by the framing of the HTTP protocol, in order to prevent request smuggling attacks.