TL;DR: the first step of any web application test: walk every feature as a normal user, watch the traffic in Burp, and note the auth boundaries (which endpoints are reachable unauthenticated, which need a session, which need a role) before testing anything.
Stub — to be filled in.
What it is
TODO
Preconditions / where it applies
TODO
Technique
TODO
Detection and defence
TODO
References