Classic .asp form, able to validate client side but need to validate a password field for min 8 alphanumeric characters plus a wild card (#$?@ etc.) on server side.
Security team testing site use 'Burp' to intercept submission after client side validation has run. They can then modify form data and submit it to database.