A 2015 case on HackerOne highlighted the need for thorough testing of even the most minor user interface elements in web security, as a small language change feature led to an Open Redirect, internal misrouting and server instability.
Security researcher, Seif Elsallamy, discovered the issue when he noticed that vulnerable URLs could be manipulated to redirect users to external domains; for example, when switching the language to English, users were redirected to http://example.com.
This highlights the need for rigorous security testing of all aspects of web applications, especially those that may involve redirects or external links, to avoid potentially serious security and privacy issues.
This case study is a great example to organisations and developers and highlights the need for more holistic testing beyond just functionality and usability.