During a web assessment you notice the "price" field in an online shop's Add-to-Cart form is bounded by JavaScript to prevent any value lower than the catalog price. To verify whether the back-end actually rechecks that value, what is the MOST appropriate next step?
Inject SQL meta-characters into the price field during login to determine if the back-end is vulnerable.
Turn off JavaScript in the browser, refresh the page, and observe whether the form submits without validation.
Intercept the HTTP request with a web proxy and manually lower the price value before forwarding it to the server.
Disable all cookies, reload the page, and try submitting the form again to see if the server accepts an empty session.
Client-side JavaScript validation can be bypassed because an attacker can alter the HTTP request after the browser has performed its checks. Capturing the POST request in an intercepting proxy such as Burp Suite or OWASP ZAP and modifying the price parameter before forwarding lets the tester observe whether the server enforces its own validation. If the transaction succeeds at the altered price, the server relies solely on client-side controls and is vulnerable. Simply deleting cookies or clearing cache does not affect the parameter. SQL injection targets database queries, not the integrity of a numeric field. Loading the page without JavaScript only prevents the form from submitting; it does not actively test server-side validation. Therefore, intercepting and editing the request is the correct technique for bypassing and testing client-side controls.
Certified Ethical Hacker (CEH)
Web Application Hacking