Thin client insecurity

Recently, I started a review of what I thought was going to be a standard web application penetration test (WAPT). I began growing a little suspicious about this app when the client mentioned that I *had* to use IE to interact with the server. I always find amusement in statements like “This website is best viewed using Internet Explorer x or above”.

Read the article HERE.