Most web application attacks involve soliciting a website with manually entered data in order to generate an unexpected context.

Web application parameters

The HTTP protocol, a communication protocol on the web, makes it possible to convey parameters in the form of requests; it can do so in several ways:

It is crucial to understand that all these data transmission methods can be easily manipulated by a user and that, as a result, user data should never be considered reliable. In this respect, security cannot be based on client-side verifications (values proposed by an HTML form, or JavaScript code verifying the accuracy of data).

In addition, establishing an SSL connection does not protect in any way against the manipulation of sent data; it merely ensures the confidentiality of the information transported between the end user and the website.

As such, all web application designers must verify data on the server, both for its value (minimum and maximum for numeric data, character check for a string) and for its type and length.
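One way to apply these checks on the server, as an added example that is not part of the original article. The order form, its field names and its limits are assumptions made for illustration; the form is imagined to offer `size` in a drop-down list and to limit `quantity` in JavaScript, and the server re-checks both.

```python
import re
from urllib.parse import parse_qs

# Hypothetical order form (assumption): field names and limits are illustrative.
SCHEMA = {
    "quantity": {"type": int, "min": 1, "max": 20},
    "size":     {"type": str, "choices": {"S", "M", "L"}},
    "name":     {"type": str, "max_len": 40,
                 "pattern": re.compile(r"[A-Za-z][A-Za-z '\-]*")},
}
# Constructed sample request bodies: one sent by the form, one edited by hand.
GENUINE = "quantity=2&size=M&name=Ann+Lee"
TAMPERED = "quantity=-5&size=XXL&name=Ann&price=0"

def validate(raw_body, schema=SCHEMA, max_body=1024):
    """Return (clean, errors) for a URL-encoded request body."""
    if len(raw_body) > max_body:
        return {}, {"_body": "too long"}
    fields = parse_qs(raw_body, keep_blank_values=True)
    clean, errors = {}, {}
    for key in fields.keys() - schema.keys():
        errors[key] = "unexpected parameter"
    for key, rule in schema.items():
        values = fields.get(key, [])
        if len(values) != 1:                  # missing or repeated parameter
            errors[key] = "expected exactly one value"
            continue
        value = values[0]
        if rule["type"] is int:
            if not re.fullmatch(r"[0-9]{1,9}", value):    # type and length
                errors[key] = "not an integer"
            elif not rule["min"] <= int(value) <= rule["max"]:  # value range
                errors[key] = "out of range"
            else:
                clean[key] = int(value)
        elif len(value) > rule.get("max_len", 64):        # length
            errors[key] = "too long"
        elif "choices" in rule and value not in rule["choices"]:
            errors[key] = "not an allowed value"  # list re-checked server-side
        elif "pattern" in rule and not rule["pattern"].fullmatch(value):
            errors[key] = "invalid characters"            # character check
        else:
            clean[key] = value
    # Reject the whole request if any field failed.
    return (clean if not errors else {}), errors
```

The same function gives the same verdict whether the request arrives over plain HTTP or over SSL, since encryption in transit does not change what the user chose to send.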

Last update on Thursday October 16, 2008 02:43:15 PM. This document entitled « Data tampering attacks » from Kioskea (en.kioskea.net) is made available under the Creative Commons license. You can copy and modify copies of this page, under the conditions stipulated by the license, as long as this note appears clearly.
