Include a unique, unpredictable token in every state-changing request (like POST or DELETE). The server validates this token before processing the request.
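The synchronizer-token check described above, as an added example that is not part of the original article or of Gruyere's code: a per-session token is generated server-side, embedded in forms, and required on every state-changing method. The in-memory session store and the `handle_delete` handler are assumptions for illustration.

```python
import hmac
import secrets

# Constructed in-memory session store: session_id -> session data (assumption;
# a real application would use its framework's session storage instead).
SESSIONS = {}

# Methods that change state and therefore must carry the token.
STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def new_session():
    """Create a session and bind a fresh, unpredictable CSRF token to it."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"csrf_token": secrets.token_urlsafe(32)}
    return session_id


def csrf_token_for(session_id):
    """Token the server embeds in forms rendered for this session (hidden field)."""
    return SESSIONS[session_id]["csrf_token"]


def validate_csrf(session_id, method, form):
    """Return True if the request may proceed.

    Safe methods (GET, HEAD, OPTIONS) need no token; every state-changing
    method must present the session's token in the form body. Unknown
    sessions and missing or wrong tokens are rejected, and compare_digest
    keeps the comparison constant-time.
    """
    if method.upper() not in STATE_CHANGING_METHODS:
        return True
    session = SESSIONS.get(session_id)
    if session is None:
        return False
    submitted = form.get("csrf_token")
    if not isinstance(submitted, str):
        return False
    return hmac.compare_digest(submitted, session["csrf_token"])


def handle_delete(session_id, method, form):
    """Hypothetical handler: perform the deletion only after the token check."""
    if not validate_csrf(session_id, method, form):
        return (403, "CSRF token missing or invalid")
    return (200, f"deleted item {form.get('item_id')}")


if __name__ == "__main__":
    sid = new_session()
    print(handle_delete(sid, "POST", {"csrf_token": csrf_token_for(sid), "item_id": "7"}))
    print(handle_delete(sid, "POST", {"item_id": "7"}))  # forged request: no token
```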
Experimenting with the application's input fields and URL parameters, without access to the underlying source code, to infer how the server behaves.
Gruyere guides users through two primary security testing methodologies:
Master Web App Hacking with Google Gruyere: Top Exploits and Defenses
Cross-Site Request Forgery (CSRF): Forcing users to perform unwanted actions without their knowledge.

Data & Access Flaws
Based on the lessons learned from exploiting Gruyere, here are the defenses you must bake into every web application.