Step 2: Getting detailed information on each action
The second step in creating the security model is analyzing each user action to see what the legitimate traffic between the web browser and server looks like when a user performs the action.
To find these details we need a way to intercept requests so that things such as the headers and the request method can be examined. Something that is very helpful here is an HTTP debugging proxy. This is a program that acts as a proxy between the web browser and the web server, and allows you to see detailed information about each request.
If you are using Microsoft Windows then one excellent free web debugging proxy is Fiddler, available at http://www.fiddler2.com/fiddler2/. For Linux, one alternative is Ethereal, available at http://www.ethereal.com.
Fiddler, and other web debugging proxies, give you access to a treasure trove of information about web requests, as seen in the following screenshot:
In the image above we can see that a request was made to ...
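As an added example (not part of the original text), the sketch below takes one raw request, as it could be copied out of a debugging proxy, and reduces it to the details this step is after: request method, path, header names, and the length and character class of each parameter. The sample request, the function names and the character classes are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: a login POST as it might appear in a proxy's raw request view.
RAW_REQUEST = (
    "POST /login.php?lang=en HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 34\r\n"
    "Cookie: session=abc123\r\n"
    "\r\n"
    "username=alice&password=S3cret%21x"
)

def char_class(value):
    """Return the narrowest character class (hypothetical labels) that fits value."""
    if value == "":
        return "empty"
    for label, pattern in (("digits", r"[0-9]+"), ("letters", r"[A-Za-z]+"),
                           ("alphanumeric", r"[A-Za-z0-9]+")):
        if re.fullmatch(pattern, value):
            return label
    return "other"

def profile_request(raw):
    """Summarize one legitimate request for use when writing the security model."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, protocol = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    # Collect parameters from the query string and, for form posts, from the body.
    pairs = [("query", k, v) for k, v in parse_qsl(url.query, keep_blank_values=True)]
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        pairs += [("body", k, v) for k, v in parse_qsl(body, keep_blank_values=True)]
    params = {name: {"source": src, "length": len(val), "class": char_class(val)}
              for src, name, val in pairs}
    return {"method": method, "path": url.path, "protocol": protocol,
            "headers": sorted(headers), "params": params}

if __name__ == "__main__":
    profile = profile_request(RAW_REQUEST)
    print(profile["method"], profile["path"], profile["protocol"])
    print("headers:", ", ".join(profile["headers"]))
    for name, info in profile["params"].items():
        print(f"{name}: {info['source']}, length {info['length']}, {info['class']}")
```

Running this over several captures of the same action shows which methods, parameters and value formats occur in legitimate use of that action.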