Walking an Application

Built-in tools

• view-source
  • show hidden directories like assets
• inspector
• debugger
• network

Direct Object References (IDOR)

Objects such as images have predictable names like img1.png, img2.png, wonder if there would be img3.png too?