1. An application may use the HTTP Referer header to control access without any overt indication of this in its normal behavior. How can you test for this weakness?
2. You log in to an application and are redirected to the following URL:
https://wahh-app.com/MyAccount.php?uid=1241126841
The application appears to be passing a user identifier to the MyAccount.php page. The only identifier you are aware of is your own. How can you test whether the application is using this parameter to enforce access controls in an unsafe way?