parameter tampering

parameter tampering

Modifying elements in the URL sent to a website in order to obtain unauthorized information. User queries are often passed to the database in the Web server by appending search arguments to the URL used to locate the site. By modifying the arguments (parameters) in the query, the malicious user can navigate the database and retrieve and/or modify its contents. See XSS.
Mentioned in ?
References in periodicals archive ?
CTG stated that the solution offers cyber security protection for online availability, parameter tampering, malware, website leeching and sensitive words of customers website.
Ultimately, a WAF is capable of uncovering fraudulent use of parameters (XSS, XSRF, SQL injection, parameter tampering, etc.
Improvements to existing SQL Injection, Cross-Site Scripting (XSS), and Parameter Tampering vulnerability detection.
The vulnerability assessments were carried out by Imperva's Application Defence Centre and found that the most common type of attacks were cross-scripting, SQL injection and parameter tampering.
The tool reveals Web application vulnerabilities using the same techniques used by hackers, including the manipulation of IT infrastructure vulnerabilities, parameter tampering, Web services and SOAP vulnerabilities, hidden field manipulation, cookie poisoning, stealth commanding, backdoor and debug options, database sabotage, buffer overflow attacks, data encoding, and protocol piggybacking.
New threats such as SQL injection, or parameter tampering can easily be thwarted with this next generation of traffic management appliances," says Greer.
TrafficShield's Application Flow Model (AFM) provides granular and comprehensive web application protection from both generalized and targeted web application attacks including buffer overflows, SQL injection, cross-site scripting, parameter tampering, and zero day attacks -- even for today's dynamic applications.
The product suite prevents the top Web application attacks as defined by the Open Web Application Security Project (OWASP) including buffer overflow, parameter tampering, cookie poisoning and SQL Injection.
The patent validates AppScan's unique ability to detect dynamic application-specific vulnerabilities such as cross-site scripting, SQL injection and parameter tampering.
AppShield, available as both standalone software and as an appliance, provides enterprise users with a failsafe defense against all application-level breaches, including cross site scripting, SQL injection and parameter tampering.
AppShield--available as both standalone software and as an appliance based on SUN's SunFire hardware platform--provides enterprise users with a failsafe defense against all application-level breaches, including cross site scripting, SQL injection and parameter tampering.

Full browser ?