Forum Discussion
Hi,
Actually, this is a question for you, your developers or security testers.
If it is possible to send some request to your web application server that will cause it to respond with the contents of, say, page 2, then definitely you should be able to record such a request using LoadUIWeb and replay it back, getting access to page 2 without being logged in.
Whether to consider such a possibility as acceptable application behaviour or as a security problem is up to you and your company.
Hi shaunrichmond,
Is your API public? If so, can you provide us with its URL?