Excessive trust in client-side controls
Parameters sent by the client may be used to control the application, and the client can change them.
Unconventional input
Consider:
<?php
// Vulnerable example from the notes: the amount is read straight from the
// request and only compared against the balance, so nothing rejects a
// negative or otherwise malformed value.
$transferAmount = $_POST['amount'];
$currentBalance = $user->getBalance();
if ($transferAmount <= $currentBalance) {
    // Complete the transfer
} else {
    // Block the transfer: insufficient funds
}
The amount may be negative, transferring money in the wrong direction.
Another example is making a number overflow by exceeding the maximum signed 32-bit integer, 2,147,483,647.
Or entering data larger than an expected field or array size, e.g. a very long local part in an email address:
very-long-string@YOUR-EMAIL-ID.web-security-academy.net
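The server-side checks the PHP snippet above lacks, as an added example in Python (not code from the notes or from PortSwigger): the amount must be a positive whole number within the signed 32-bit range, and text fields are bounded in length before they reach storage or fixed-size buffers. INT32_MAX comes from the notes; MAX_EMAIL_LEN and the sample inputs are assumptions.

```python
import re

# Added example, not code from the original notes. Server-side validation of a
# transfer amount and of a free-text field length.

INT32_MAX = 2_147_483_647   # signed 32-bit maximum named in the notes
MAX_EMAIL_LEN = 254         # assumed application limit for an e-mail field

def parse_amount(raw):
    """Parse a user-supplied transfer amount; raise ValueError on anything unsafe."""
    # Only ASCII digits: rejects "-5", "+5", "1e9", " 5", unicode digits, empty
    if not isinstance(raw, str) or re.fullmatch(r"[0-9]+", raw) is None:
        raise ValueError("amount must be a positive whole number")
    amount = int(raw)
    if amount == 0:
        raise ValueError("amount must be greater than zero")
    if amount > INT32_MAX:
        raise ValueError("amount exceeds the maximum supported value")
    return amount

def check_transfer(raw_amount, current_balance):
    """Decide a transfer: (True, amount) to proceed, (False, reason) to block."""
    try:
        amount = parse_amount(raw_amount)
    except ValueError as exc:
        return (False, str(exc))
    if amount > current_balance:
        return (False, "insufficient funds")
    return (True, amount)

def check_field_length(value, max_len):
    """True if a text field fits the size the application was designed for."""
    return isinstance(value, str) and len(value) <= max_len

if __name__ == "__main__":
    # Constructed sample inputs, covering the cases the notes describe
    for raw in ["100", "-100", "0", "2147483648", "abc"]:
        print(raw, "->", check_transfer(raw, 500))
    print(check_field_length("x" * 300 + "@example.com", MAX_EMAIL_LEN))
```

Parsing happens before any comparison, so a negative or overflowing value never reaches the balance check; in a real handler the rejection reason would be logged rather than echoed back.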
Users cannot be trusted
When a security control relies on users always providing true information.
Example: when an admin page is only accessible to users with an email address on a certain domain, the user changes his email address to that domain and gets access.
Users won't always supply mandatory input
Example: the password change form sends the username as a parameter. When the request is intercepted and the username is changed, the user can change somebody else's password.
Example: a token is used to reset a password, but its presence is not checked. When the token is removed, the request is still honored.
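How both examples are closed, as an added Python example (not the notes' or PortSwigger's code): the authenticated password change takes the identity from the server-side session and ignores any username in the form, and the reset handler treats a missing or empty token as a rejection, not a pass. The user names, stores and field names are constructed assumptions.

```python
import hmac
import secrets

# Added example, not code from the original notes. The stores below are
# constructed in-memory stand-ins for the application's database.

USERS = {"wiener", "carlos"}
PASSWORDS = {}       # username -> current password (demo only; hash in real code)
RESET_TOKENS = {}    # username -> outstanding single-use reset token

def issue_reset_token(username):
    """Create a fresh single-use reset token for a known user."""
    if username not in USERS:
        return None
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[username] = token
    return token

def change_password(session, form):
    """Authenticated change: whose password changes comes from the session only."""
    username = session.get("user")
    if username not in USERS:
        return "not authenticated"
    # form.get("username") is deliberately never consulted
    PASSWORDS[username] = form["new_password"]
    return "ok"

def reset_password(form):
    """Unauthenticated reset: the token is mandatory and must match exactly."""
    username = form.get("username")
    token = form.get("token")
    if not token:                          # absent or empty -> reject, never skip
        return "token required"
    expected = RESET_TOKENS.get(username)
    if expected is None or not hmac.compare_digest(expected.encode(), token.encode()):
        return "invalid token"
    del RESET_TOKENS[username]             # single use
    PASSWORDS[username] = form["new_password"]
    return "ok"
```

The comparison is constant-time and the token is consumed on success, so the same token cannot be replayed for a second reset.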
Users do not follow the intended flow
Example: an order is processed, but the confirmation step is skipped.
Domain-specific flaws
Example: reusing a coupon. Example: infinite money generation.
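One server-side order model that covers both the skipped-confirmation flow and coupon reuse, as an added Python example (not the notes' or PortSwigger's code): the order can only move to the next state in the intended sequence, a coupon code is accepted once per order and only before confirmation, and the total never goes below zero. The states, coupon codes and amounts are constructed assumptions.

```python
from enum import Enum

# Added example, not code from the original notes.

class OrderState(Enum):
    CART = "cart"
    CONFIRMED = "confirmed"
    PAID = "paid"

# Each state can only be reached from its predecessor; the server enforces
# this regardless of which request the client chooses to send next.
NEXT_STATE = {
    OrderState.CART: OrderState.CONFIRMED,
    OrderState.CONFIRMED: OrderState.PAID,
}

class Order:
    def __init__(self, total):
        self.total = total
        self.state = OrderState.CART
        self.applied_coupons = set()

    def apply_coupon(self, code, discount):
        """Apply a coupon once per order, never driving the total below zero."""
        if self.state is not OrderState.CART:
            raise PermissionError("coupons can only be applied before confirmation")
        if code in self.applied_coupons:
            raise ValueError("coupon already used on this order")
        self.applied_coupons.add(code)
        self.total = max(0, self.total - discount)   # no negative totals, no credit
        return self.total

    def advance(self, target):
        """Move to `target` only if it is the next step in the intended flow."""
        if NEXT_STATE.get(self.state) is not target:
            raise PermissionError(f"cannot go from {self.state.value} to {target.value}")
        self.state = target
        return self.state

def pay(order):
    """Payment endpoint: refuses an order that has not passed confirmation."""
    return order.advance(OrderState.PAID)
```

Because the transition table lives on the server, calling the payment endpoint directly on a cart-state order raises PermissionError instead of completing the purchase.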
Crypto oracle
Example: authentication bypass using a crypto oracle.
Reference: PortSwigger Web Security Academy
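The design principle behind the defence, as an added Python example (not the notes' or PortSwigger's code): a value the application protects for one purpose must never verify as a token for another purpose, which domain separation by a purpose label enforces. HMAC-SHA256 (integrity only) stands in for authenticated encryption because the standard library has none; the key, purpose labels and payloads are constructed assumptions.

```python
import base64
import hashlib
import hmac
import secrets

# Added example, not code from the original notes. The key is generated on
# import as a stand-in for one loaded from configuration.
KEY = secrets.token_bytes(32)
TAG_LEN = 32

def _tag(purpose, payload):
    # The purpose label is part of the MAC input, with a separator so that
    # ("ab", b"c") and ("a", b"bc") cannot collide.
    return hmac.new(KEY, purpose.encode() + b"\x00" + payload, hashlib.sha256).digest()

def seal(purpose, payload):
    """Return a URL-safe token carrying payload plus a purpose-bound tag."""
    return base64.urlsafe_b64encode(payload + _tag(purpose, payload)).decode("ascii")

def unseal(purpose, token):
    """Return the payload if the token was sealed for this purpose, else None."""
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError:            # binascii.Error is a ValueError subclass
        return None
    if len(raw) < TAG_LEN:
        return None
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    if not hmac.compare_digest(_tag(purpose, payload), tag):
        return None
    return payload

if __name__ == "__main__":
    cookie = seal("stay-logged-in", b"wiener")
    echoed = seal("error-message", b"administrator")   # produced for another purpose
    print(unseal("stay-logged-in", cookie))            # b'wiener'
    print(unseal("stay-logged-in", echoed))            # None
```

Anything the application produces under the "error-message" label is rejected by the "stay-logged-in" check even though both use the same key, which is the property that an oracle exposing one purpose must not undermine the other.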