
Preventing ticket purchase fraud

I have read about at least two scandals recently where people could buy tickets for a lower price or for free. In this post, I'd like to show what mistake leads to this kind of vulnerability. I have simplified the IT part so anyone can read my post and understand it; you don't have to be an IT expert.

Let's assume you have a ticket sales portal with three tickets: daily, weekly and monthly, for €50, €200 and €500 respectively. Anyone can click on a ticket and buy it. If your programmer has no clue about online security, placing a link like this on each ticket would be acceptable for him or her:

https://tickets.example.com/ticketsales.php?price=50
https://tickets.example.com/ticketsales.php?price=200
https://tickets.example.com/ticketsales.php?price=500

If you click on the weekly ticket, you would navigate to the payment page:

https://tickets.example.com/ticketsales.php?price=200

Ticket Payment Page
Your price is €200. Choose paym
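
The mistake described above, next to one way of avoiding it, as an added example that is not part of the original post. It is written in Python rather than PHP so that it runs on its own; the `ticket` parameter, the catalogue and the function names are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs, urlsplit

# Server-side price list in euros (values from the post). The server, not the
# link, is the only source of truth for what a ticket costs.
CATALOGUE = {"daily": Decimal("50"), "weekly": Decimal("200"), "monthly": Decimal("500")}


def _params(url):
    """Parse the query string of a link into a dict of value lists."""
    return parse_qs(urlsplit(url).query)


def price_trusting_client(url):
    """The mistake: charge whatever the 'price' parameter in the link says."""
    return Decimal(_params(url)["price"][0])


def price_from_catalogue(url):
    """Hardened: the link only names the ticket (hypothetical 'ticket' parameter);
    the amount is looked up server-side and any 'price' in the link is ignored."""
    tickets = _params(url).get("ticket", [])
    if len(tickets) != 1 or tickets[0] not in CATALOGUE:
        raise ValueError("unknown or ambiguous ticket type")
    return CATALOGUE[tickets[0]]


def price_mismatch(url):
    """Detection aid: True when a link carries a 'price' that disagrees with the
    catalogue, which is worth logging even though the value is never used."""
    sent = _params(url).get("price")
    if sent is None:
        return False
    try:
        return any(Decimal(p) != price_from_catalogue(url) for p in sent)
    except (InvalidOperation, ValueError):
        return True


if __name__ == "__main__":
    # Constructed sample link: a weekly ticket with a price that was edited by hand.
    edited = "https://tickets.example.com/ticketsales.php?ticket=weekly&price=1"
    print("trusting the link charges:", price_trusting_client(edited))
    print("catalogue lookup charges: ", price_from_catalogue(edited))
    print("mismatch flagged:         ", price_mismatch(edited))
```

The same rule applies to any later step of the checkout: the amount sent to the payment provider should come from the server-side record of the order, never from a value the browser can resend.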