Users interact with applications through browsers. When a user submits information, the browser sends a request back to the web server. Because the user controls the information being sent, the web application should not trust it without validation. An example of client-state manipulation is modifying the request URL to gain admin access on a website. Once an attacker has admin access, he or she can alter the website or obtain private information that is visible to an admin account.
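The admin-access example above, shown as a weak check beside a corrected one (an added example, not code from the original post). The `admin` query parameter, the `/dashboard` URL, the in-memory session store and all function names are assumptions made for the demonstration.

```python
import secrets
from urllib.parse import urlsplit, parse_qs

# Constructed server-side session store: session id -> data fixed at login.
SESSIONS = {}

def login(username, role):
    """Create a session whose role is recorded only on the server."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": username, "role": role}
    return sid

def is_admin_vulnerable(url, session_id):
    """Weak check: trusts a role flag that arrives in the request URL."""
    params = parse_qs(urlsplit(url).query)
    return params.get("admin", ["0"])[0] == "1"

def is_admin_hardened(url, session_id):
    """Corrected check: ignores role data in the request and reads the
    role from server-side state keyed by an unguessable session id."""
    session = SESSIONS.get(session_id)
    return session is not None and session["role"] == "admin"

def handle_request(url, session_id, check):
    """Return an HTTP-style status for the hypothetical /dashboard page."""
    return 200 if check(url, session_id) else 403

if __name__ == "__main__":
    user_sid = login("alice", "user")       # constructed ordinary account
    admin_sid = login("carol", "admin")     # constructed admin account
    original = "https://example.test/dashboard?admin=0"
    edited = "https://example.test/dashboard?admin=1"  # client changed the flag

    for name, check in (("vulnerable", is_admin_vulnerable),
                        ("hardened", is_admin_hardened)):
        print(name,
              "| user, original URL:", handle_request(original, user_sid, check),
              "| user, edited URL:", handle_request(edited, user_sid, check),
              "| admin session:", handle_request(original, admin_sid, check))
```

The hardened check returns 403 for the ordinary user regardless of what the URL says, because the role never leaves the server.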
Well-written post on client state manipulation! In this, users submit information and then the browser has to send a request back to the web server. Thanks!