Definition
Parameter tampering is a cyber threat in which an attacker manipulates parameters exchanged between the client (browser) and the server to gain unauthorized access or alter application data. This technique enables attackers to exploit an application beyond its intended purpose.
Parameter Tampering Examples
- Identity theft: Attackers can alter user ID values in the browser to gain unauthorized access to other accounts.
- E-commerce fraud: An attacker can change the quantity or price of items in a shopping cart, resulting in significant financial losses for the e-commerce business.
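Both cases above come down to the server trusting a value the client controls. The following is an added example, not code from the original page: it sets a handler that trusts the submitted price, quantity and user ID beside one that recomputes them from server-side state. The catalogue, account table, field names and function names are all hypothetical and constructed for illustration.

```python
from decimal import Decimal

# Constructed server-side data; all names here are hypothetical.
CATALOG = {"sku-100": Decimal("49.99"), "sku-200": Decimal("5.00")}
ACCOUNTS = {"17": {"owner": "alice"}, "18": {"owner": "bob"}}
MAX_QTY = 20

class TamperingDetected(Exception):
    """Request parameters disagree with server-side state."""

def cart_total_vulnerable(params):
    # Trusts the price and quantity fields sent by the browser.
    return Decimal(params["price"]) * int(params["qty"])

def cart_total_hardened(params):
    sku = params.get("sku")
    if sku not in CATALOG:
        raise TamperingDetected("unknown sku")
    try:
        qty = int(params.get("qty", ""))
    except (TypeError, ValueError):
        raise TamperingDetected("qty is not an integer")
    if not 1 <= qty <= MAX_QTY:
        raise TamperingDetected("qty out of range")
    # Price is looked up server-side; any client-supplied price is ignored.
    return CATALOG[sku] * qty

def load_account_vulnerable(params):
    # Serves whichever account the user_id parameter names.
    return ACCOUNTS[params["user_id"]]

def load_account_hardened(session_user_id, params):
    # Identity comes from the authenticated session, not the request.
    requested = params.get("user_id", session_user_id)
    if requested != session_user_id:
        raise TamperingDetected("user_id does not match session")
    return ACCOUNTS[session_user_id]

if __name__ == "__main__":
    tampered_cart = {"sku": "sku-100", "price": "0.01", "qty": "2"}
    print(cart_total_vulnerable(tampered_cart))  # 0.02
    print(cart_total_hardened(tampered_cart))    # 99.98
```

Catching TamperingDetected at the request boundary and logging it with the session identity gives a record of each mismatch between submitted parameters and server-side state.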
Pros and Cons of Parameter Tampering
Pros
- From an attacker’s viewpoint, parameter tampering is a simple and effective technique for exploiting web application vulnerabilities.
Cons
- From the application’s perspective, parameter tampering can cause unauthorized access, significant data exposure, and severe loss if not properly handled.