- Parameter tampering is a form of Web-based hacking event (called an attack) in which certain parameters in the Uniform Resource Locator (URL) or Web page form field data entered by a user are changed without that user's authorization. This points the browser to a link, page or site other than the one the user intends (although it may look exactly the same to the casual observer). Parameter tampering can be employed by hackers and identity thieves to surreptitiously obtain personal or business information about the user.
Countermeasures specific to the prevention of parameter tampering involve the validation of all parameters to ensure that they conform to standards concerning minimum and maximum allowable length, allowable numeric range, allowable character sequences and patterns, whether or not the parameter is actually required to conduct the transaction in question, and whether or not null is allowed. Whitelisting (accepting only allowable input) is more effective than blacklisting (refusing to accept only forbidden input). A Web application firewall can provide some protection against parameter tampering, provided that it is configured properly for the site in use. Overall, the vulnerability of a computer or network to parameter tampering can be minimized by implementing a strict application security routine and making sure that it is kept up to date.
Learn more about Identity Theft and Data Security Breaches
Quiz: Data loss prevention: Take this five-question quiz to test your knowledge of Rich Mogull's data loss prevention material.
Elements of a data protection strategy: An overview of the importance of securing data for regulatory compliance and the five components of an enterprise data protection strategy.
bot worm(SearchSecurity.com) A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself...
CISP-PCI(SearchFinancialSecurity.com) CISP (Cardholder Information Security Program) and PCI (Payment Card Industry Data Security Standard) are specifications developed and used by credit...
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.
Show me everything on 
- Parameter tampering is a form of Web-based hacking event (called an attack) in which certain parameters in the Uniform Resource Locator (URL) or Web page form field data entered by a user are changed without that user's authorization. This points the browser to a link, page or site other than the one the user intends (although it may look exactly the same to the casual observer). Parameter tampering can be employed by hackers and identity thieves to surreptitiously obtain personal or business information about the user.
Countermeasures specific to the prevention of parameter tampering involve the validation of all parameters to ensure that they conform to standards concerning minimum and maximum allowable length, allowable numeric range, allowable character sequences and patterns, whether or not the parameter is actually required to conduct the transaction in question, and whether or not null is allowed. Whitelisting (accepting only allowable input) is more effective than blacklisting (refusing to accept only forbidden input). A Web application firewall can provide some protection against parameter tampering, provided that it is configured properly for the site in use. Overall, the vulnerability of a computer or network to parameter tampering can be minimized by implementing a strict application security routine and making sure that it is kept up to date.
