[BUSINESS LOGIC VULNERABILITIES]
GENERAL INFORMATION
GOAL: Test whether the functionality does what it is supposed to do. Is it validating actions?
NOTES:
- It is important to analyze the requests using Burp Suite.
- Check actions, shopping cart, prices, etc.
- Check user input validation.
- Try positive/negative values and check whether the behavior changes.
SAMPLE: productId=1&redir=PRODUCT&quantity=1&price=3700
- Sometimes the logic is broken and you can affect the behavior or the values.
SAMPLE: productId=2&redir=PRODUCT&quantity=-1
- Check whether the site has coupons or any other functionality, and whether it is validated correctly.
NO CONTROLS
NOTES:
- Request inspection is needed.
- Test whether you can access functionality that should be available only to administrators or known users.
- It is important to read up on whether any behavior exists for specific users.
SAMPLE: URI_PATH: http://URL/admin
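Added example, not part of the original notes: the cart SAMPLE requests from GENERAL INFORMATION run through a handler that trusts the client values and one that validates them server-side. The CATALOG prices, MAX_QUANTITY and the function names are assumptions made for the illustration.

```python
from urllib.parse import parse_qs

# Constructed catalogue: the server-side source of truth for prices (in cents).
CATALOG = {"1": 3700, "2": 1500}
MAX_QUANTITY = 99  # assumed business limit per cart line

def parse_cart_request(body: str) -> dict:
    """Flatten a form-encoded body into a dict of single values."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}

def line_total_vulnerable(body: str) -> int:
    """Trusts the client-supplied price and quantity (the broken logic)."""
    p = parse_cart_request(body)
    price = int(p.get("price", CATALOG[p["productId"]]))
    return price * int(p["quantity"])

def line_total_hardened(body: str) -> int:
    """Ignores any client price and enforces quantity bounds server-side."""
    p = parse_cart_request(body)
    product_id = p.get("productId", "")
    if product_id not in CATALOG:
        raise ValueError("unknown product")
    raw_qty = p.get("quantity", "")
    # Accept plain ASCII digits only: rejects "-1", "1.5", "1e3" and "".
    if not (raw_qty.isascii() and raw_qty.isdigit()):
        raise ValueError("quantity must be a positive integer")
    qty = int(raw_qty)
    if not 1 <= qty <= MAX_QUANTITY:
        raise ValueError("quantity out of range")
    return CATALOG[product_id] * qty  # price always comes from the catalogue

if __name__ == "__main__":
    samples = [
        "productId=1&redir=PRODUCT&quantity=1&price=3700",  # from the notes
        "productId=1&redir=PRODUCT&quantity=1&price=1",     # constructed: altered price
        "productId=2&redir=PRODUCT&quantity=-1",            # from the notes
    ]
    for body in samples:
        try:
            hardened = line_total_hardened(body)
        except ValueError as exc:
            hardened = f"rejected ({exc})"
        print(body, "| vulnerable:", line_total_vulnerable(body), "| hardened:", hardened)
```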