We've got IDA's who are testing our work by attempting to SQL-inject harmless code into our project(s).
Because of the way we have both DEV and PRODUCTION set up, whenever their attempts cause an error, all they see is a generic error message that comes with a 200 response. This is going into the webserver log as 200.
In order to see what happened, the IDA's have to pull the PCAP data and manually scan that, looking for the events.
Is there a way to trigger something other than 200 responses, so all they have to do is look at the webserver logs?
(Yeah.. I know.. a dev actually trying to make an IDA's job a little easier???? Has Hell frozen over??)