OS Disc
OWASP Webgoat :: Unvalidated Parameters


Description - This lesson covers Exploiting Hidden Fields, Exploiting Unchecked Emails and Bypassing Client Side JavaScript Validation.

Exploiting Hidden Fields: Developers use hidden fields to carry tracking, login, pricing and similar information on a loaded page. While this is a convenient and easy mechanism for the developer, the information received back from a hidden field is often not validated. This lesson teaches the attacker to find and modify hidden fields to obtain a product for a price other than the one specified. It is always good practice to validate all inputs.

Exploiting Unchecked Emails: Most sites allow non-authenticated users to send e-mail to a 'friend'. This is a great mechanism for spammers to send out email through your corporate mail server.

Bypassing Client Side JavaScript Validation: Client-side validation should not be considered a secure means of validating parameters. It only helps reduce server processing time for normal users who do not know the required input format. Attackers can bypass these mechanisms easily in various ways, so any client-side validation should be duplicated on the server side. This greatly reduces the likelihood of insecure parameter values being used in the application.
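The server-side fix the description asks for, shown as an added example that is not part of the WebGoat lesson or of this page: a checkout handler written twice (one trusting the hidden price field, one pricing from a server-side catalogue and re-applying the quantity rule the browser would have checked) and a mail-a-friend handler that requires a session and validates the recipient. The SKUs, prices, field names and sender address are constructed for illustration.

```python
# Added example (not from the WebGoat lesson or the OS Disc page). SKUs,
# prices, field names and the sender address are constructed placeholders.
import re
from decimal import Decimal

# Constructed catalogue: the authoritative price lives here, never in the
# browser's form, so a tampered hidden field has nothing to influence.
CATALOG = {
    "TV-4K-55": Decimal("2999.99"),
    "HDMI-2M": Decimal("19.99"),
}

# The same rules a client-side script would enforce, repeated on the server.
QTY_RE = re.compile(r"[1-9][0-9]{0,2}")  # 1..999
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def vulnerable_checkout(form):
    """Trusts the hidden 'price' field the page rendered, so whoever edits
    that field before submitting buys at the price they chose (the flaw
    the hidden-fields lesson demonstrates)."""
    total = Decimal(form["price"]) * int(form["qty"])
    return {"ok": True, "total": str(total)}


def hardened_checkout(form):
    """Ignores any client-supplied price: the price comes from the catalogue
    and the quantity is validated server-side with the same rule the
    browser applied, so bypassing the JavaScript check gains nothing."""
    sku = form.get("sku", "")
    if sku not in CATALOG:
        return {"ok": False, "error": "unknown product"}
    qty = form.get("qty", "")
    if not QTY_RE.fullmatch(qty):
        return {"ok": False, "error": "quantity must be 1-999"}
    return {"ok": True, "total": str(CATALOG[sku] * int(qty))}


def hardened_mail_a_friend(form, session_user=None):
    """Mail-a-friend endpoint that cannot be used as an open relay: it
    requires a logged-in user, accepts exactly one well-formed recipient,
    rejects CR/LF in the address (which would otherwise let a request add
    extra mail headers), and builds the message text server-side instead
    of sending whatever free text the form carries."""
    if session_user is None:
        return {"ok": False, "error": "login required"}
    to = form.get("to", "")
    if "\r" in to or "\n" in to or not EMAIL_RE.fullmatch(to):
        return {"ok": False, "error": "invalid recipient"}
    sku = form.get("sku", "")
    if sku not in CATALOG:
        return {"ok": False, "error": "unknown product"}
    body = f"{session_user} thinks you might like {sku}."
    return {"ok": True, "to": to, "from": "noreply@example.com", "body": body}


if __name__ == "__main__":
    # A submission whose hidden price has been changed to one cent.
    tampered = {"sku": "TV-4K-55", "qty": "1", "price": "0.01"}
    print("vulnerable:", vulnerable_checkout(tampered))  # charges 0.01
    print("hardened:  ", hardened_checkout(tampered))    # charges 2999.99
```

The hardened handlers return the error as data rather than raising, which keeps the validation result easy to log and to test; in a real application the same checks would sit in whichever framework handles the POST.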
