Attack Methodology: Discover ??? Use a debug proxy to intercept client-server communications ??? Observe application traffic and modify components of application traffic independently of the client ??? Look for hidden fields and notes embedded in the source ??? Developers tend to make assumptions about the integrity of ???client??? generated data, like headers and other data that is supposedly con