Basic Security Testing Tips

1) URL manipulation through HTTP GET methods: The tester should check whether the application passes important information in the query string. This happens when the application uses the HTTP GET method to pass information between the client and the server, because the information is carried as parameters in the query string. The tester can modify a parameter value in the query string to check whether the server accepts it. User information is passed to the server in an HTTP GET request for authentication or for fetching data, and an attacker can manipulate every input variable passed in that request in order to get the required information.
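The check in tip 1, seen from the server side, as an added example that is not part of the original article: one handler accepts whatever value arrives in the query string, the other validates it and ties it to the logged-in session. The account data, the `account` parameter, the handler names and the `app.example` URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: account records keyed by id, each with an owner.
ACCOUNTS = {
    "1001": {"owner": "alice", "balance": 250},
    "1002": {"owner": "bob", "balance": 9000},
}

def get_param(url, name):
    """Return the single value of a query-string parameter, or None.
    A repeated parameter is rejected rather than silently picking one."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(name, [])
    return values[0] if len(values) == 1 else None

def view_account_weak(url, session_user):
    """Weak: trusts the account id in the query string; session_user is
    never consulted, so an edited parameter is accepted."""
    account = ACCOUNTS.get(get_param(url, "account"))
    if account is None:
        return 404, None
    return 200, account["balance"]

def view_account_checked(url, session_user):
    """Checked: validates the value, then authorizes it against the
    server-side session identity instead of trusting the client."""
    account_id = get_param(url, "account")
    if account_id is None or not (account_id.isascii() and account_id.isdigit()):
        return 400, None  # missing, duplicated or malformed parameter
    account = ACCOUNTS.get(account_id)
    if account is None or account["owner"] != session_user:
        return 404, None  # same answer for "absent" and "not yours"
    return 200, account["balance"]

if __name__ == "__main__":
    own = "https://app.example/account?account=1001"
    edited = "https://app.example/account?account=1002"  # value changed by hand
    for handler in (view_account_weak, view_account_checked):
        print(handler.__name__, handler(own, "alice"), handler(edited, "alice"))
```

A test case for this tip passes when the edited request gets the same response as a request for a record that does not exist.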