2 min read
Should I GET or Should I POST? - The Clash With HTTP Conformance
apidays Munich

The greatest threat to your API’s reliability isn’t always a complex zero-day exploit, but rather a simple, collective misunderstanding of foundational HTTP semantics.

In this session, we will move beyond HTTP conformance theory and demonstrate the tangible consequences of broken HTTP semantics. Attendees will participate in a live, interactive hacking demonstration where we will execute a Cache Poisoning attack directly on their devices and turning a standard web application into fluent Klingon. Once the mechanics of the attack are understood, we will deconstruct the problem. We will analyze the malicious production traffic and explore how such vulnerabilities can be automatically detected. Finally, we will answer the most critical question: How can we prevent these issues before they reach production?

Drawing on insights from both academic research and practical experience, we will explore how awareness for HTTP conformance can be integrated into your API lifecycle, enabling you to move from reactive traffic analysis to proactive API hardening. Key Takeaways for the Audience:

  • The Hidden Risks of Non-Conformance: Understand the real-world implications of ignoring HTTP semantics.
  • Proactive API Hardening: Learn how to analyze HTTP traffic and integrate automated semantic conformance checks into your API lifecycle.
  • Beyond OpenAPI: See why a syntactically correct API specification is only half the battle, and how to validate the underlying semantic HTTP contract.