Hi Guys,
I know that Vaadin uses some kind of identification numbers which are placed within
an http request such as clientId or syncId. You can see these ids as some kind of protection methods against
automatic web application attacks. Using a security tool to pentest vaadin applications won’t work until
you increase the clientId by 1 for each request you send to the server. Otherwise you will get an “incorrect” response.
As a pentester I found out, there is a second similiar framework like vaadin which is called Eclipse RAP. This framework provides also some protection mehods against web application attacks. It has something like an identifier too which has to be increased for each request that is directed to the server. Of course… Sending requests directly from the UI increases the value of the identifier itself.
I would like to know if there is another framework which provides identfiers placed in the requests?
A closer look at Google Web Toolkit showed me that this framework doesn’t contain such number values.
Best regards,
Nazar Medeiros