Server side validation
Classic .asp form, able to validate client side but need to validate a password field for min 8 alphanumeric characters plus a wild card (#$?@ etc.) on server side.
Security team testing site use 'Burp' to intercept submission after client side validation has run. They can then modify form data and submit it to database.
I don't know what "burp" is, but if you google the tiltle of your posting you will find many articles like this
on how to do server side validation.