Описание тега tampering

At the most basic level, a test case is just a series of inputs and expected outputs. Security testing requires tweaking input in ways normally prohibited by well-behaved, normal web browsers.

Security vulnerabilities can be exploited from any type of input. We intend to take you beyond functional testing, and help you tamper with forms, files, GET, POST, AJAX, cookies, headers, and more.

This chapter suggests many ways of tampering with input and may even include common attack patterns, but does not go into detail on the most famous of web security flaws such as XSS, CSRF, and SQL Injection.

Depending on the environment you are given, you might be executing your tests against development servers, staging (i.e., pre-production), or separate QA/testing servers. We would discourage testing against production web applications, unless you really have no alternative. Depending on which environment you’re using, you have a few pitfalls to be aware of and avoid.

If you test against development, be aware that your test environment probably does not map well to your production environment. Web servers, application servers, and the application itself.