
How to test CSRF Attack in Asp.Net Web Application?


Hi I'm new to Security of Web Applications.

I want to test my application for the same purpose.

I have a form, which has some fields and a submit button.

So User X is logged in and he submits the form, and now I want to know how hackers can attack my application.

I have read I need to post the HTML code of my aspx page. But I don't know how I can post the form with incorrect data filled in with HTML. So is there any tool to test this? Or, with the HTML of my page, how can I test it?


Solution

  • If it's an ASP.NET MVC application, I suggest you use AntiForgeryToken. If it's not ASP.NET MVC, then save the session ID in view state; the view state will then act like a form token. Protect the session ID by using some encryption or signing mechanism and use SSL to prevent sniffing. Finally, you just need to verify your session ID and ViewState.
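
One way to implement the Web Forms approach described in the answer above, as an added example that is not part of the original answer: a base page that binds view state to the session through `ViewStateUserKey` and also checks a signed, session-bound hidden field on every POST. The class name `CsrfProtectedPage`, the field name `__csrfToken` and the session slot `__csrfKey` are assumptions made for this sketch.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.UI;

// Hypothetical base class: state-changing pages inherit from it instead of Page.
public class CsrfProtectedPage : Page
{
    private const string KeySlot = "__csrfKey";      // session slot name (assumed)
    private const string FieldName = "__csrfToken";  // hidden field name (assumed)

    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        // Storing a value pins the session; an empty session gets a new ID per request.
        if (Session[KeySlot] == null)
        {
            var key = new byte[32];
            using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(key);
            Session[KeySlot] = key;
        }
        // Ties the view-state MAC to this session; has to be set during Init.
        ViewStateUserKey = Session.SessionID;
        // Every POST must carry the token that was rendered for this session.
        if (Request.HttpMethod == "POST" && !FixedTimeEquals(Request.Form[FieldName], ExpectedToken()))
            throw new HttpException(403, "Anti-forgery token missing or invalid.");
    }

    protected override void OnPreRender(EventArgs e)
    {
        base.OnPreRender(e);
        ClientScript.RegisterHiddenField(FieldName, ExpectedToken());
    }

    // HMAC-SHA256 over the session ID, keyed with a per-session random secret.
    private string ExpectedToken()
    {
        using (var hmac = new HMACSHA256((byte[])Session[KeySlot]))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(Session.SessionID)));
    }

    private static bool FixedTimeEquals(string supplied, string expected)
    {
        if (supplied == null || supplied.Length != expected.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= supplied[i] ^ expected[i];
        return diff == 0;
    }
}
```

To check the protection, submit the same form fields from a second browser session or without the hidden field: the request should end in the 403 above or in a view-state MAC validation error rather than being processed.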