I have a query; could you please answer?
Say I have an HTTPS URL and I have set all the HTTP requests to be accessed via the Burp proxy configuration. In a generic case, if we are accessing the URL from a client like Firefox, we know that we may hit security exceptions for multiple domains and we need to add a security exception for each of those. Once past the security exceptions, we can access the URL, and the user name and password can be accessed via Burp (by setting intercept to ON).
1) If we are able to access the web app after adding security exceptions for multiple domains, does it mean that the web app has not handled security issues correctly?
2) Also, should the client (like Firefox) or the server on which the web app is running handle such security issues?