Lesson Plan Title: Client Side Validation

Concept / Topic To Teach:

It is always a good practice to validate all input on the server side. Leaving the mechanism for validation on the client side leaves it vulnerable to reverse engineering. Remember, anything on the client side should not be considered a secret.

General Goal(s):

For this exercise, your mission is to discover a coupon code to receive an unintended discount. Then, exploit the use of client side validation to submit an order with a cost of zero.