3.Test Client-Side Controls.txt
Test Client-Side Controls
1.Test Transmission of Data Via the Client:
Locate all instances within the application where hidden form fields,
cookies, and URL parameters are apparently being used to transmit
data via the client.
Modify the item’s value in ways that are relevant to its role in the
application’s functionality.
If the application uses the ASP.NET ViewState, test to confirm whether
this can be tampered with or whether it contains any sensitive information.
----------------------------------------------------------------------------------------------
2.Test Client-Side Controls Over User Input:
Identify any cases where client-side controls such as length limits and
JavaScript checks are used to validate user input before it is submitted
to the server. These controls can be bypassed easily, because you can
send arbitrary requests to the server.
Example:
<form action="order.asp" onsubmit="return Validate(this)">
<input maxlength="3" name="quantity">
3.Test each affected input field in turn by submitting input that the
client-side controls would normally block. Review the HTML form to identify
any disabled elements, such as grayed-out submit buttons. For example:
<input disabled="true" name="product">
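The defensive counterpart to steps 1 to 3 is a server-side handler that never trusts a client-supplied price, repeats the maxlength bound on quantity, and refuses fields the form is not meant to send (such as the disabled product input). The following is an added example, not code from the original notes; the product catalogue, field names and limits are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Union

# Constructed catalogue standing in for the server's own product data
# (prices in cents). The price is looked up here, never taken from a
# hidden field, so tampering with the client cannot change it.
CATALOGUE = {"SKU-100": 1999, "SKU-200": 450}

# Fields the order form is allowed to submit. 'product' is disabled in
# the HTML, so a real browser never sends it; a request carrying it, or
# a 'price' field, was built outside the browser and is rejected.
EXPECTED_FIELDS = {"product_id", "quantity"}


@dataclass
class Rejected:
    reason: str


@dataclass
class Order:
    product_id: str
    quantity: int
    total_cents: int


def validate_order(form: dict) -> Union[Order, Rejected]:
    """Server-side validation that does not rely on maxlength, JavaScript
    checks or disabled inputs having been enforced by the client."""
    unexpected = set(form) - EXPECTED_FIELDS
    if unexpected:
        return Rejected(f"unexpected field(s): {sorted(unexpected)}")

    product_id = form.get("product_id")
    if product_id not in CATALOGUE:
        return Rejected("unknown product")

    raw = form.get("quantity", "")
    # Re-implement the client-side limit: maxlength="3" only bounds the
    # quantity to 1..999 if the browser is honest, so the server repeats it.
    if not raw.isdigit() or not 1 <= int(raw) <= 999:
        return Rejected("quantity must be an integer between 1 and 999")

    quantity = int(raw)
    return Order(product_id, quantity, quantity * CATALOGUE[product_id])
```

Each rejection names the specific control that the client was supposed to enforce, which makes it easy to confirm during testing that every client-side check has a server-side twin.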
------------------------------------------------------------------------------------------------------
4.Test Browser Extension Components:
Understand the Client Application’s Operation
Decompile the Client
Attach a Debugger
Test ActiveX controls
-----------------------------------------------------------------------------