As we mentioned before, the most important thing when you are looking for application logic vulnerabilities is to understand how the application works. To do so, it is essential to know the application's flow.
Following the flow
Spidering
Most of an application's functionality could be discovered just by navigating through the application; but as you reviewed in this book, there are features that are hidden in the requests and responses. For this reason, using a spidering tool during navigation is essential. Basically, all the different HTTP proxies we covered in Chapter 8, Top Bug Bounty Hunting Tools, have spidering tools. The basic idea of spidering is to extract all the links to internal or external resources...