Hunting Security Bugs

Server code sometimes assumes that only legitimate clients will send well-formed requests. These assumptions often cause security problems and should not be made. By writing a custom client, using a security proxy, or using a program that allows sending custom requests, you can send requests that violate these assumptions. These techniques can be used as a starting point to find bugs such as information disclosure, buffer overflows, script injection, SQL injection, design flaws that take advantage of the program's logic, and other types of bugs in the server.
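The following added example (not code from the book) shows the assumption the paragraph warns about in concrete form. A toy order handler trusts that the web form only ever sends product ids 0-3 and quantities 1-10, so it checks nothing; a hardened version of the same handler validates every client-controlled value and returns a fixed error instead of internal detail. A small `build_request` function plays the role of the custom client, building raw requests from arbitrary strings, and a set of constructed probes is run against both handlers. All names (`parse_request`, `handle_trusting`, `handle_hardened`, `build_request`, `PRICES`, `PROBES`) and the simplified HTTP wire format are assumptions made for this illustration.

```python
# Added example, not code from the book: a toy request handler that trusts the
# client, beside a hardened version, exercised with hand-built raw requests.
# All names (parse_request, handle_trusting, handle_hardened, build_request,
# PRICES, PROBES) and the simplified HTTP wire format are assumptions.
from typing import Callable, Dict

# Prices indexed by product id; the legitimate web form only offers ids 0-3.
PRICES = [0, 5, 10, 20]


def parse_request(raw: bytes) -> Dict[str, object]:
    """Split a simplified HTTP/1.0 request into method, path, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")   # UnicodeDecodeError is a ValueError
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers, "body": body}


def handle_trusting(raw: bytes) -> str:
    """Server code that assumes only the real form ever talks to it:
    product is always 0-3 and quantity is always 1-10, so nothing is checked."""
    try:
        headers = parse_request(raw)["headers"]
        product = int(headers["x-product"])
        quantity = int(headers["x-quantity"])
        total = PRICES[product] * quantity    # unchecked: negative values pass through
        return f"200 OK total={total}"
    except Exception as exc:                  # catch-all leaks internal detail to the client
        return f"500 Internal Server Error: {exc!r}"


def handle_hardened(raw: bytes) -> str:
    """Same logic, but every client-controlled value is validated before use
    and any failure returns a fixed error instead of internal detail."""
    try:
        headers = parse_request(raw)["headers"]
        product = int(headers["x-product"])
        quantity = int(headers["x-quantity"])
    except (ValueError, KeyError):
        return "400 Bad Request"
    if not 0 <= product < len(PRICES):
        return "400 Bad Request"
    if not 1 <= quantity <= 10:
        return "400 Bad Request"
    return f"200 OK total={PRICES[product] * quantity}"


def build_request(product: str, quantity: str) -> bytes:
    """Build a raw request the way a custom client would: the caller supplies
    arbitrary strings, so nothing limits it to the values the form offers."""
    return (
        "POST /order HTTP/1.0\r\n"
        "Host: shop.example\r\n"
        f"X-Product: {product}\r\n"
        f"X-Quantity: {quantity}\r\n"
        "\r\n"
    ).encode("ascii")


# Constructed probe requests: one the form could send, plus ones it never would.
PROBES = {
    "legit": build_request("1", "2"),
    "negative_quantity": build_request("1", "-2"),     # logic flaw: negative total
    "negative_product": build_request("-1", "1"),      # Python wraps to PRICES[-1]
    "out_of_range_product": build_request("99", "1"),  # IndexError, detail leaked
    "missing_header": b"POST /order HTTP/1.0\r\n\r\n",
    "binary_garbage": b"\xff\xfe\r\n\r\n",             # not even valid text
}


def probe(handler: Callable[[bytes], str]) -> Dict[str, str]:
    """Run every probe against a handler and collect the responses by name."""
    return {name: handler(raw) for name, raw in PROBES.items()}


if __name__ == "__main__":
    for name in PROBES:
        print(f"{name:22} trusting: {probe(handle_trusting)[name]:55} "
              f"hardened: {probe(handle_hardened)[name]}")
```

Running the script prints each probe beside the two responses. The trusting handler accepts a negative quantity (a negative total, which is the kind of logic flaw the paragraph mentions), silently maps a negative product id onto a different product, and answers malformed input with an exception message that names internal types, a small information disclosure. The hardened handler answers every probe the form would never send with the same fixed `400 Bad Request`, which is the behaviour to look for when reviewing real server code.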
