Basic validation checks
For many business applications, we'll need to be the brains of the operation and help the tools understand how the application is expected to work. Proxy tools can help us home in on passed variables, showing us where the handoffs between client and server exist. Most application developers will only think to validate on one end or the other, so by catching them in one of these handoffs, we can often find some room to cause trouble. If it is an e-commerce site, we'll want to validate that the application doesn't let a proxy set its own price. If it is an HR site or healthcare portal, we'll want to ensure that deliberately invalid information cannot be submitted in the place of valid ...
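The e-commerce check described above, seen from the server side, as an added example that is not from the book: a handler that trusts the price field echoed back by the client next to one that re-derives the price from its own records. The catalog, SKU names, field names and quantity limit are all constructed for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed catalog: the server's own record of prices (assumption).
CATALOG = {"sku-1001": Decimal("49.99"), "sku-2002": Decimal("5.00")}
MAX_QTY = 100  # hypothetical business limit per order line


class ValidationError(ValueError):
    """Raised when a submitted order field fails server-side validation."""


def total_trusting_client(form):
    """Weak handoff: the total is computed from the price the client sent."""
    return Decimal(form["price"]) * int(form["qty"])


def total_server_side(form):
    """Hardened handoff: the price comes from the catalog, never the request.

    Returns (total, tampered), where tampered flags a submitted price that
    differs from the catalog so the request can be logged for review.
    """
    sku = form.get("sku")
    if sku not in CATALOG:
        raise ValidationError("unknown sku")
    try:
        qty = int(form.get("qty", ""))
    except (TypeError, ValueError):
        raise ValidationError("qty is not an integer")
    if not 1 <= qty <= MAX_QTY:
        raise ValidationError("qty out of range")

    price = CATALOG[sku]
    tampered = False
    submitted = form.get("price")
    if submitted is not None:
        try:
            tampered = Decimal(submitted) != price
        except (InvalidOperation, TypeError, ValueError):
            tampered = True  # unparseable price field is itself suspicious
    return price * qty, tampered
```

A `tampered` result of `True` on an otherwise valid order is a useful detection signal: the browser form would never produce it on its own.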
Get Mastering Kali Linux for Web Penetration Testing now with the O’Reilly learning platform.