A Simple Solution to Prevent Parameter Tampering in Web Applications

Abstract: Business over the internet such as banking and several online services are growing rapidly. Similarly, social media web portals are also getting more and more involved in our daily life. Since these applications are popular and consist of personal and valuable data, they attract malicious attacks to their vulnerable points. The weakness can also be faced in all businesses and institutions that do not care the necessary security steps. The web parameter tampering is one of the major attacks which is based on th… Show more

“…Web parameter tampering is included by four type of attacks, "Injection", "Insecure Direct Object References", "Invalidated Redirects" and "Forwards and Missing Function Level Access Control" (Menemencioğlu & Orak, 2017).…”

“…Detecting and preventing tampering attacks, there are three approach, static, dynamic, and hybrid analysis (Menemencioğlu & Orak, 2017). Static approach is based absence of integrity constraint enforcement (Zhang et al, 2011), dynamic approach is processed during execution time by checking web server responses without needing modification of application codes (Menemencioğlu & Orak, 2017).…”

“…Static approach is based absence of integrity constraint enforcement (Zhang et al, 2011), dynamic approach is processed during execution time by checking web server responses without needing modification of application codes (Menemencioğlu & Orak, 2017). Hybrid approach uses static analysis and provide dynamic approach with runtime detector.…”

“…Researches in security field will effect the related preventing security products and they increase the internet usage. (Menemencioğlu & Orak, 2017) proposed a detection system for preventing parameter tampering based on the Deterministic Finite State Machine (DFSM) which uses hybrid analysis approach. A technical description is detailed in related research, only a brief description is included here.…”

“…The accumulated data which consist of prevented attack registries, is analysed in previous research (Menemencioğlu & Orak, 2017). Beyond that study, geographical effects of the proposed system are analysed and discussed in below.…”

Geographical Assesment of Results From Preventing the Parameter Tampering in a Web Application

“…Web parameter tampering is included by four type of attacks, "Injection", "Insecure Direct Object References", "Invalidated Redirects" and "Forwards and Missing Function Level Access Control" (Menemencioğlu & Orak, 2017).…”

“…Detecting and preventing tampering attacks, there are three approach, static, dynamic, and hybrid analysis (Menemencioğlu & Orak, 2017). Static approach is based absence of integrity constraint enforcement (Zhang et al, 2011), dynamic approach is processed during execution time by checking web server responses without needing modification of application codes (Menemencioğlu & Orak, 2017).…”

“…Static approach is based absence of integrity constraint enforcement (Zhang et al, 2011), dynamic approach is processed during execution time by checking web server responses without needing modification of application codes (Menemencioğlu & Orak, 2017). Hybrid approach uses static analysis and provide dynamic approach with runtime detector.…”

“…Researches in security field will effect the related preventing security products and they increase the internet usage. (Menemencioğlu & Orak, 2017) proposed a detection system for preventing parameter tampering based on the Deterministic Finite State Machine (DFSM) which uses hybrid analysis approach. A technical description is detailed in related research, only a brief description is included here.…”

“…The accumulated data which consist of prevented attack registries, is analysed in previous research (Menemencioğlu & Orak, 2017). Beyond that study, geographical effects of the proposed system are analysed and discussed in below.…”

Geographical Assesment of Results From Preventing the Parameter Tampering in a Web Application