Hidden Risks in Web Code

A look at the HTML source code behind Web sites can often reveal security issues that would never be uncovered by those blissfully ignorant of the code. This bug report will examine two common methods of maintaining state and passing data in Web-based systems–hidden form fields and the HTTP GET method–and demonstrate some of the associated security risks through an examination of HTML code.