Sometimes, when testing an application, it’s not possible for us to observe data leakage or all side effects directly in the applications’ response. In certain situations, the attacker can cause the server-side application, or a secondary component in the backend to make outbound calls. These attacks are useful for both discovering the structure of the backend application, the number of servers, data centers used, as well as leaking data server-side from the application. Attacks could also queue up payload that our server might execute as part of a deferred processing job. Detecting these is crucial for the security of our app.