Following are some of the most common HTTP server errors. The “500 Internal Server Error” is for requests that cannot be obliged by servers. The “501 Not Implemented” is for servers not supporting requests. The “502 Bad Gateway” is for servers receiving invalid responses from upstream servers. The “503 Service Unavailable”is for servers not being available due to overload or maintenance procedures being performed. The “504 Gateway Timeout” is for servers not receiving timely responses. And last, but not least, the “505 HTTP Version Not Supported” error is for when the HTTP version is not one that is supported by the server.
Along with HTTP server errors, it is also important for security testers to study HTTP methods. It is not necessary to be adept at using all of these, but the most basic HTTP method i.e. GET / HTTP / 1.1 is a must for security testers to know. The GET method is for retrieving data by URI. The HEAD is the same as the GET, the only difference being that it only retrieves header info of HTML documents, not the document bodies themselves. The OPTIONS is for requesting info on the options available. The TRACE is for starting remote loopbacks in the Application Layer for the request message. The CONNECT is for proxies than swithc dynamically to tunnel connections like Secure Sockets Layer (SSL). The DELETE is for requesting for the identified resource to be deleted by the origin server. The PUT methods is for requesting that the entities are stored under Request-URI. And the POST is for allowing data to be posted or sent to web servers.
Basic knowledge of the HTTP methods can be utilized to send requests to web servers and determine which OS the web server uses with the help of the generated output. Known vulnerabilities can also be found accordingly.
