The Web parameter tampering attack is based on the manipulation of parameters
exchanged between client and server in order to modify application data, such as user
credentials and permissions, price and quantity of products, etc. Usually, this information is
stored in cookies, hidden form fields, or URL Query Strings, and is used to increase
application functionality and control. This attack takes advantage of the fact that many
programmers rely on hidden or fixed fields (such as a hidden tag in a form or a parameter in
a URL) as the only security measure for certain operations. Attackers can easily modify
these parameters to bypass the security mechanisms that rely on them.
What is the best way to protect web applications from parameter tampering attacks?
A.
Validating some parameters of the web application
B.
Minimizing the allowable length of parameters
C.
Using an easily guessable hashing algorithm
D.
Applying effective input field filtering parameters