Data tampering attacks

December 2016
Most web application attacks involve sending a website manually entered data in order to generate an unexpected context.

Web application parameters

The HTTP protocol, a communication protocol on the web, makes it possible to convey parameters in the form of requests; it can do so in several ways:

It is crucial to understand that all of these data transmission methods can easily be manipulated by a user and that, as a result, user data should never be considered reliable. Security therefore cannot be based on client-side checks (values proposed by an HTML form, or JavaScript code verifying the accuracy of data).

In addition, establishing an SSL connection does not protect at all against the manipulation of the data being sent; it merely ensures the confidentiality of the information transported between the end user and the website.

As such, every web application designer must verify incoming data, both for its value (minimum and maximum for numeric data, character check for a string) and for its type and length.
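
The checks listed above (value, type and length), performed on the server, as an added example that is not part of the original article. The form fields, limits and error strings are assumptions made for the illustration, and the sample requests are constructed.

```python
import re
from urllib.parse import parse_qs

# Hypothetical order form; field names and limits are assumptions for this example.
SCHEMA = {
    "quantity": {"type": int, "min": 1, "max": 10, "max_len": 3},
    "size": {"type": str, "choices": {"S", "M", "L"}, "max_len": 3},
    "comment": {"type": str, "pattern": r"[A-Za-z0-9 .,!?'-]*", "max_len": 200},
}

def check(value, rule):
    """Return (clean_value, None) if value satisfies rule, else (None, reason)."""
    if len(value) > rule["max_len"]:                       # length
        return None, "too long"
    if rule["type"] is int:                                # type
        if not re.fullmatch(r"-?[0-9]+", value):
            return None, "not an integer"
        number = int(value)
        if not rule["min"] <= number <= rule["max"]:       # minimum and maximum
            return None, "out of range"
        return number, None
    if "choices" in rule and value not in rule["choices"]:
        return None, "not an allowed value"                # ignores what the form offered
    if "pattern" in rule and not re.fullmatch(rule["pattern"], value):
        return None, "forbidden characters"                # character check
    return value, None

def validate(raw_query):
    """Validate a raw query string or form body; return (clean, errors)."""
    params = parse_qs(raw_query, keep_blank_values=True)
    clean = {}
    # Parameters the application never declared are rejected, not ignored.
    errors = {name: "unexpected parameter" for name in params.keys() - SCHEMA.keys()}
    for name, rule in SCHEMA.items():
        values = params.get(name, [])
        if len(values) != 1:
            errors[name] = "missing or repeated"
            continue
        value, reason = check(values[0], rule)
        if reason:
            errors[name] = reason
        else:
            clean[name] = value
    return clean, errors

# Constructed samples: what the HTML form would send, and a hand-edited request.
EXPECTED = "quantity=2&size=M&comment=Please+gift+wrap"
TAMPERED = "quantity=-5&size=XXL&comment=%3Cb%3E&price=0"
```

Only the values returned in clean should reach the rest of the application; a request with any entry in errors is refused as a whole.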


This document entitled « Data tampering attacks » from CCM (ccm.net) is made available under the Creative Commons license. You can copy and modify copies of this page, under the conditions stipulated by the license, as long as this note appears clearly.