Ignoring the semantics of HTTP methods such as GET and POST can have disastrous security repercussions. You might think that using a GET request for deleting entities is fine, since you only need to pass a single identifier and do not want to set up a dedicated HTML form for doing so. Please let me convince you of the opposite.

HTTP Semantics

Before we can go into detail on why this distinction matters for web application security, we need to grasp the ...

Bernhard Knasmüller on Software Development