- Added testcases for bypassing frontend validation.

- Improved layout of the lesson
- Fixed JavaScript issues with 'let'
This commit is contained in:
Nanne Baars
2017-06-16 01:16:31 +02:00
parent bf210de013
commit edceba73fe
5 changed files with 105 additions and 48 deletions

View File

@ -1,4 +1,5 @@
== Validation
Often, there is some mechanism in place to prevent users from sending altered
field values to server, such as validation before sending. Most of popular browsers
such as Chrome don't allow editing scripts during runtime. We will have to circumvent

View File

@ -1,10 +1,11 @@
== Concept
Users have a great degree of control over the front-end of the web application.
They can alter HTML code, sometimes also scripts. This is why
apps that require certain format of input should also validate on server-side.
== Goals
* The user should have a basic knowledge of HTML
* The user should be able to tamper a request before sending (with proxy or other tool)
* The user will be able to tamper with field restrictions and bypass client-side validation