Playbook for web coupon and voucher code misuse
Fraud investigation is a big job for retail and e-commerce companies. One of the fraud types they deal with is mass enumeration of coupon numbers, voucher codes, discount tokens, etc.
The goal of the enumeration is the identification of valid token codes that provide some form of user benefit within the application. The benefit may be a cash alternative, a non-cash credit, a discount, or an opportunity such as access to a limited offer.
OTHER NAMES: Coupon guessing; Voucher, gift card and discount enumeration
Preparation, Identification, Remediation
All the steps are described in the OWASP Automated Threat Handbook: https://www.owasp.org/images/3/33/Automated-threat-handbook.pdf
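For the Identification phase, the following added example (not taken from this page or the OWASP handbook) flags clients that submit many distinct invalid codes inside a short sliding window, which is the signature of mass enumeration rather than a mistyped coupon. The log format, the per-IP key, the threshold and the window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample redemption log (not real data): timestamp, client IP, code, outcome.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 SAVE-AA01 invalid
2024-05-01T10:00:05 198.51.100.7 SAVE-AA02 invalid
2024-05-01T10:00:09 203.0.113.20 SPRING15 invalid
2024-05-01T10:00:10 198.51.100.7 SAVE-AA03 invalid
2024-05-01T10:00:15 198.51.100.7 SAVE-AA04 invalid
2024-05-01T10:00:20 198.51.100.7 SAVE-AA05 invalid
2024-05-01T10:00:25 198.51.100.7 SAVE-AA06 invalid
2024-05-01T10:00:30 203.0.113.20 SPRING15 invalid
2024-05-01T10:00:40 203.0.113.20 SPRING25 valid
2024-05-01T10:10:00 192.0.2.44 GIFT-0001 invalid
2024-05-01T10:20:00 192.0.2.44 GIFT-0002 invalid
2024-05-01T10:30:00 192.0.2.44 GIFT-0003 invalid
2024-05-01T10:40:00 192.0.2.44 GIFT-0004 invalid
2024-05-01T10:50:00 192.0.2.44 GIFT-0005 invalid
""".splitlines()

def parse(line):
    """Split one log line (assumed format) into (timestamp, client, code, outcome)."""
    ts, client, code, outcome = line.split()
    return datetime.fromisoformat(ts), client, code, outcome

def find_enumerators(lines, window=timedelta(minutes=1), threshold=5):
    """Return {client: peak count of distinct invalid codes in any window}
    for clients whose count reaches the threshold."""
    recent = defaultdict(deque)  # client -> (timestamp, code) of recent invalid attempts
    flagged = {}
    for ts, client, code, outcome in sorted(map(parse, lines)):
        if outcome != "invalid":
            continue
        q = recent[client]
        q.append((ts, code))
        while ts - q[0][0] > window:  # drop attempts that fell out of the window
            q.popleft()
        distinct = len({c for _, c in q})  # retries of one code count once
        if distinct >= threshold:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged

if __name__ == "__main__":
    for client, count in find_enumerators(SAMPLE_LOG).items():
        print(f"{client}: {count} distinct invalid codes within one minute")
```

Counting distinct codes keeps a customer who retries one mistyped coupon below the threshold. Running a second, longer window alongside the short one (for example one hour) also surfaces low-rate clients such as 192.0.2.44 in the sample.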