HACK STEPS: Review the names and values of all parameters being submitted to the application, in the context of the functionality which they support. ... about the kind of sanitization being performed, for example, a function that echoes some user-supplied data back to the browser. ... Some such schemes may be extremely difficult to decipher given access to only a sample of obfuscated data.
Title: The Web Application Hacker's Handbook
Author: Dafydd Stuttard, Marcus Pinto
Publisher: John Wiley & Sons - 2011-03-16