Data tampering attacks

Most web application attacks involve sending manually entered data to a website in order to produce an unexpected context.

Web application parameters

The HTTP protocol, a communication protocol on the web, makes it possible to convey parameters in the form of requests; it can do so in several ways:

It is crucial to understand that all of these data transmission methods can easily be manipulated by a user and that, as a result, user data should not be considered reliable. Security therefore cannot be based on client-side checks (values offered by an HTML form, or JavaScript code that verifies the accuracy of the data).

In addition, establishing an SSL connection does nothing to protect against manipulation of the data being sent; it merely ensures the confidentiality of the information transported between the end user and the website.

As such, all web application designers must verify data with respect to its value (minimum and maximum for numeric data, character check for a string) as well as its type and length.
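
As an added example (not part of the original article), the following Python sketch applies these server-side checks of type, range, character set and length to query-string parameters. The field names, the limits and the validate_query helper are assumptions chosen for illustration.

```python
import re
from urllib.parse import parse_qs

# Hypothetical schema for an order form: every field name and limit is an assumption.
SCHEMA = {
    "quantity": {"type": int, "min": 1, "max": 100},
    "username": {"type": str, "max_len": 20, "pattern": re.compile(r"[A-Za-z0-9_]+")},
}
MAX_RAW_LEN = 64  # upper bound on any raw value, checked before conversion


class ValidationError(ValueError):
    """Raised when a request parameter fails a server-side check."""


def validate_query(query: str) -> dict:
    """Parse a query string and return typed values, or raise ValidationError."""
    params = parse_qs(query, keep_blank_values=True)
    unknown = set(params) - set(SCHEMA)
    if unknown:
        raise ValidationError(f"unexpected parameter(s): {sorted(unknown)}")
    clean = {}
    for name, rule in SCHEMA.items():
        values = params.get(name)
        if values is None or len(values) != 1:
            raise ValidationError(f"{name}: exactly one value required")
        raw = values[0]
        if len(raw) > MAX_RAW_LEN:
            raise ValidationError(f"{name}: value too long")
        if rule["type"] is int:
            # Type check: ASCII digits only, so signs, spaces and decimals are rejected.
            if not re.fullmatch(r"[0-9]+", raw):
                raise ValidationError(f"{name}: not an integer")
            value = int(raw)
            # Value check: minimum and maximum for numeric data.
            if not rule["min"] <= value <= rule["max"]:
                raise ValidationError(f"{name}: out of range")
        else:
            # Length check, then character check against an allowlist.
            if len(raw) > rule["max_len"]:
                raise ValidationError(f"{name}: longer than {rule['max_len']}")
            if not rule["pattern"].fullmatch(raw):
                raise ValidationError(f"{name}: forbidden character")
            value = raw
        clean[name] = value
    return clean
```

The function runs on the server for every request, whatever the HTML form or client-side script already checked.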

CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jean-François Pillou, founder of CCM.net. CCM reaches more than 50 million unique visitors per month and is available in 11 languages.
This document, titled « Data tampering attacks », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (ccm.net).