I have a Java web application using Struts 1.x. Recently my application went through penetration testing and our testers found some security holes. Let me explain.

In my application I have 2 users called 'Admin' and 'user'. First our pen tester logged in to my application as 'Admin' and used the Burp tool to intercept the request, copied the whole request content into Notepad and then forwarded the request. Now my application is logged in as 'Admin'. They used another browser instance to log in as 'user' and used the Burp tool to intercept the request. This time they removed the whole request content, copied back the whole request content of 'Admin' and then forwarded the request. Now my application is logged in as 'Admin' without asking for any user ID/password.

How to restrict this situation? I already store the user ID in my session variable after the successful login of each user. The moment they intercept the request and copy the 'Admin' request content, my session variable user ID also changes to 'Admin'. How to validate this situation? Your help is really appreciated.
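As an added example (not code from the question, the answers, or Struts itself), here is how the server side of a login and of a protected request is typically written against the servlet API that Struts 1.x runs on. The session cookie (`JSESSIONID`) is the only thing tying a request to a server-side session, so the server hands that session's attributes to whoever presents the cookie. What the application layer controls is the lifetime and exposure of that identifier: invalidate the pre-login session and issue a fresh ID on successful login, expire idle sessions quickly, flag the cookie `HttpOnly` and `Secure`, and read the user identity from the server-side session on every request rather than from anything in the request body. The `authenticate` method, the `/home.do` redirect target and the class names are assumptions; the `userid` attribute name is the one from the question.

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Login handler. The session ID is a bearer token, so on successful login the
 * server must never promote the ID the client arrived with; it invalidates that
 * session and issues a brand-new one that only this authenticated client has seen.
 *
 * Cookie hardening belongs in web.xml (Servlet 3.0+):
 *   <session-config>
 *     <cookie-config><http-only>true</http-only><secure>true</secure></cookie-config>
 *   </session-config>
 */
public class LoginServlet extends HttpServlet {

    // Hypothetical credential check; a real application consults its user store.
    private boolean authenticate(String user, String password) {
        return user != null && password != null && !user.isEmpty() && !password.isEmpty();
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = req.getParameter("username");
        String password = req.getParameter("password");

        if (!authenticate(user, password)) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Discard the pre-authentication session (and its ID) ...
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        // ... and create a fresh one; the container sends the new JSESSIONID cookie.
        HttpSession fresh = req.getSession(true);
        fresh.setAttribute("userid", user);
        fresh.setMaxInactiveInterval(15 * 60); // expire idle sessions after 15 minutes

        resp.sendRedirect(req.getContextPath() + "/home.do");
    }
}

/**
 * Per-request check for protected URLs (map it in web.xml). The identity used
 * for authorization comes from the server-side session only; nothing the
 * client puts in the request body is trusted to name the user or their role.
 */
class AuthFilter implements Filter {

    @Override
    public void init(FilterConfig config) {
    }

    @Override
    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // getSession(false) never creates a session for an unauthenticated request.
        HttpSession session = req.getSession(false);
        Object userId = (session == null) ? null : session.getAttribute("userid");
        if (userId == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Expose the authenticated identity to downstream actions via a request attribute.
        req.setAttribute("currentUser", userId);
        chain.doFilter(request, response);
    }
}
```

The login servlet and the filter both read the user from the server-side `HttpSession`, so the only client-supplied input that can influence identity is the session cookie itself; that is why the cookie's flags, timeout and regeneration on login are the controls worth checking in a review of this kind of application.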