When itthey hasare passed multiple parameters with the same name, here is how thevarious back backendends behavesbehave.<ref name="owasp_hpp">{{cite web|title=WSTG - Latest:Testing for HTTP Parameter Pollution|url=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution}}</ref>
{| class="wikitable"
|+ Behaviour when "param" is passed the values "val1" & "val2"
|+ Behaviour
|-
! Technology !! Parsing result !! Example
Line 41 ⟶ 42:
==Types==
===Client-side===
* First Order / Reflected HPP<ref name="owasp_hpp_paper">{{cite web|url=https://owasp.org/www-pdf-archive/AppsecEU09_CarettoniDiPaola_v0.8.pdf|title=HTTP Parameter Pollution|authorsauthor1=Luca Carettoni and |author2=Stefano Di Paola }}</ref>
* Second Order / Stored HPP<ref name="owasp_hpp_paper" />
* Third Order / DOM HPP<ref name="owasp_hpp_paper" />
Line 65 ⟶ 66:
== Bibliography ==
* {{Cite conference|lastlast1=Balduzzi|firstfirst1=Marco|last2=Torrano-Gimenez|first2=Carmen|last3=Balzarotti|first3=Davide|last4=Kirda|first4=Engin|date=2011|title=Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications|url=https://www.researchgate.net/publication/221655534_Automated_Discovery_of_Parameter_Pollution_Vulnerabilities_in_Web_Applications221655534|conference=Proceedings of the Network and Distributed System Security Symposium, NDSS 2011|ref=CITEREFBalduzziTorrano-GimenezCarmenKirda2011|via=[[ResearchGate]]}}
