Page 153 - Hands-On Bug Hunting for Penetration Testers
Access Control and Security Through Obscurity Chapter 8
By highlighting any fields you come across, Burp allows you to pick up on secret info at the
same time you're mapping your target application's attack surface.
Data Leakage - An End-to-End Example
Let's try out some of our new techniques on WebGoat, OWASP's deliberately vulnerable
Java application. After navigating to `WebGoat` on `localhost`, go ahead and click on
the link to register a new user and then log in.
After you've logged in, you should be on the main WebGoat welcome page:

