I am tester of an ASP-based web system.There's a page which is used by user to purchase items. During the confirmation, I notice that the total payment (the total amount that user must pay) is stored in hidden input field, lets say its USD 10.000. It's very easy for anyone to change this value to 1 or even 0 and complete the payment.May I know what strategy I should use to overcome this problem ? How can the programmer perform this kind of validation ?
Security in ASP during payment
- Thread starter alexone
- Start date