Data tampering attacks

April 2017
Most web application attacks involve soliciting a website with manually entered data to generate an unexpected context.

Web application parameters

The HTTP protocol, a communication protocol on the web, makes it possible to convey parameters in the form of requests; it can do so in several ways:

It is crucial to understand that all of these data transmission methods can easily be manipulated by a user and that, as a result, user data should not be considered reliable. Security therefore cannot rest on client-side checks (values offered by an HTML form, or JavaScript code verifying the accuracy of the data).

In addition, establishing an SSL connection does not in any way protect against manipulation of the data sent; it merely ensures the confidentiality of the information transported between the end user and the website.

As such, all web application designers must verify data with regard to its value (minimum and maximum for numeric data, character check for a string) as well as its type and length.
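
The server-side checks described above, as an added example that is not part of the original article: a validator that re-applies value, character, type and length checks to every parameter, whatever the HTML form or JavaScript allowed. The form fields (name, size, qty), their limits and the sample requests are assumptions made up for the illustration.

```python
import re
from urllib.parse import parse_qs

# Hypothetical form: the HTML offers a <select> with these sizes and a
# quantity box limited to 1..10 by JavaScript. The server repeats every check.
ALLOWED_SIZES = {"S", "M", "L"}
NAME_RE = re.compile(r"[A-Za-z0-9_-]{3,20}")   # allowed characters and length
MAX_RAW_LEN = 64                               # length bound applied before parsing
# Constructed sample requests: one honest, one edited by hand.
GOOD = "name=alice_01&size=M&qty=3"
TAMPERED = "name=%3Cscript%3E&size=XXL&qty=-5&qty=9000"

def validate_order(query_string):
    """Return (clean, errors) for a raw query string or form body."""
    fields = parse_qs(query_string, keep_blank_values=True)
    clean, errors = {}, {}

    def single(name):
        # Exactly one value of bounded length; repeated parameters are rejected.
        values = fields.get(name, [])
        if len(values) != 1 or len(values[0]) > MAX_RAW_LEN:
            errors[name] = "missing, repeated or too long"
            return None
        return values[0]

    name = single("name")
    if name is not None:
        if NAME_RE.fullmatch(name):
            clean["name"] = name
        else:
            errors["name"] = "bad characters or length"

    size = single("size")
    if size is not None:
        if size in ALLOWED_SIZES:      # only values the form really offered
            clean["size"] = size
        else:
            errors["size"] = "not an offered value"

    qty = single("qty")
    if qty is not None:
        # Type check first (ASCII digits only), then the numeric range.
        if re.fullmatch(r"[0-9]{1,2}", qty) and 1 <= int(qty) <= 10:
            clean["qty"] = int(qty)
        else:
            errors["qty"] = "not an integer in 1..10"

    return clean, errors
```

Only the values in clean should reach the rest of the application; a request with any entry in errors is rejected as a whole.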

Latest update on October 16, 2008 at 09:43 AM by Jeff.
This document, titled "Data tampering attacks," is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (ccm.net).