I am using security testing for my java web application which is build on struts framework. The very first vulnerability I found by burp suit that, I am able to change request parameter values. Now how we can validate these values if some one changing parameter values. For ex. Name is passing with some value "Jhon",now by burp suit if I change this value to "Smith", then this value will be saved in my database. How I will validate this.
In the same way i am using captcha validation. This is also I am able to change from burp suit. Can any one please let us know how to handle this.
Thanks
Aucun commentaire:
Enregistrer un commentaire