Tamper Data

As a developer, you should assume attackers have already downloaded tamper data tools. Here is how to stop them:

Intercept a request to /profile?id=123. Change the ID to 124. If the server does not check your session permissions, you just viewed another user’s private data.
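The server-side check that closes this gap, as an added example that is not part of the original page. The `PROFILES` and `SESSIONS` stores, the `Response` type and both handler names are hypothetical, and the data is constructed for illustration.

```python
# Added example: hypothetical in-memory stores, not a real framework API.
from dataclasses import dataclass

# Constructed sample data: profile id -> private record.
PROFILES = {
    123: {"owner": "alice", "email": "alice@example.test"},
    124: {"owner": "bob", "email": "bob@example.test"},
}

# Constructed session store: session token -> authenticated user.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}


@dataclass
class Response:
    status: int
    body: dict


def get_profile_vulnerable(session_token: str, raw_id: str) -> Response:
    """Trusts the client-supplied id: any logged-in user can read any profile."""
    if session_token not in SESSIONS:
        return Response(401, {"error": "not authenticated"})
    profile = PROFILES.get(int(raw_id))
    if profile is None:
        return Response(404, {"error": "not found"})
    return Response(200, profile)


def get_profile_checked(session_token: str, raw_id: str) -> Response:
    """Authorizes the requested object against the session on every request."""
    user = SESSIONS.get(session_token)
    if user is None:
        return Response(401, {"error": "not authenticated"})
    # The id arrives from the client and may have been edited in transit.
    if not (raw_id.isascii() and raw_id.isdigit()):
        return Response(400, {"error": "bad id"})
    profile = PROFILES.get(int(raw_id))
    # Same 404 for "missing" and "not yours" so valid ids are not revealed.
    if profile is None or profile["owner"] != user:
        return Response(404, {"error": "not found"})
    return Response(200, profile)
```

The ownership comparison uses the user bound to the session on the server, never a value taken from the request.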

From this window, the user could: