Applications may contain flaws, allowing unauthorized access by means of bypassing the authentication measures in place. Bypassing techniques include a direct page request (that is, forced browsing), parameter modification, session ID prediction, and SQL Injection.

For the purposes of this recipe, we will use parameter modification.