Questions tagged [tampering]

Tampering is a process for security testing of web applications.

At the most basic level, a test case is just a series of inputs and expected outputs. Security testing requires tweaking input in ways normally prohibited by well-behaved, normal web browsers.

Security vulnerabilities can be exploited from any type of input. We intend to take you beyond functional testing, and help you tamper with forms, files, GET, POST, AJAX, cookies, headers, and more.

This chapter suggests many ways of tampering with input and may even include common attack patterns, but does not go into detail on the most famous of web security flaws such as XSS, CSRF, and SQL Injection.

Depending on the environment you are given, you might be executing your tests against development servers, staging (i.e., pre-production), or separate QA/testing servers. We would discourage testing against production web applications, unless you really have no alternative. Depending on which environment you’re using, you have a few pitfalls to be aware of and avoid.

If you test against development, be aware that your test environment probably does not map well to your production environment. Web servers, application servers, and the application itself.

73 questions
1 vote, 2 answers

Anti-tampering and code obfuscation tool for iOS Swift

I'm looking for an open source anti-tampering and code obfuscation tool for my iOS project. Some library like Proguard in Android. I found iXGuard and Dexprotector are paid tools. I'm looking for some open source tool. Any help will be…
Divya MG
1 vote, 1 answer

Is it possible to tamper client-side code in Angular app?

I'm not much experienced in JavaScript programming or Angular app development, but my general understanding is, when JavaScript reaches the client end, it can be tampered. I've come across some sample implementation of role-based authorization in…
atiyar
1 vote, 0 answers

Basic tampering protection

I'm trying to create a basic program that has tampering protection on the licenseCheck function, however it always says it's correct, even if I nop the whole licenseCheck function in OllyDbg or change and rebuild the code. I'm following the…
JeffreyZ
1 vote, 0 answers

Keeping apps tamper proof

Currently designing an iOS app that has functionality including the transfer of in-game currency to real-world currency (within Xcode using Swift; it’s a mobile game). Since this app includes the prospect of real money, I couldn’t help but feel…
1 vote, 2 answers

Where is the "right" place to check if a querystring has been tampered with?

I want to add Querystring "checking" and logging in the case of any "tampered with" querystrings. Is the Page_Init event on a given page the right place to do that in the ASP.Net page lifecycle?
BuffDev1
1 vote, 1 answer

Parameter tampering prevention using parameterized queries

Is it possible to prevent parameter tampering by using parameterized queries in classic ASP? If it's not, what is the proper way to prevent it? Thank you.
1 vote, 1 answer

Preventing tampering of posted fields (e.g. Id) in the .NET Framework

I am developing this in ASP.Net MVC5. Given the following example: I update all the fields of entity A. Before I post however I change the hidden input field of A's Id, and change it to that of B's Id. Now all my updates are pushed onto B. Are…
Norman Bentley
1 vote, 2 answers

Prevent password from being tampered with by proxies/tools at client's workstation?

Recently our web application has gone through an audit. The auditor came up with the following finding: Although SSL has been implemented and enforced, this only implies that there is network encryption (i.e. if someone uses a network sniffing …
1 vote, 2 answers

How to analyze calls made from an iPhone app

Is it possible to monitor the network calls (HTTP and HTTPS) made from an iPhone application? Is it possible to install a proxy server and log all the network calls made in the network?
Tamil
1 vote, 3 answers

Pass data from page to page safely

I am looking for a method to pass data from page to page safely and avoid tampering as far as possible. The best way to solve it is to save the sensitive data on the DB server. Or using a session persisted on the DB server. Or whatever method that…
profanis
1 vote, 1 answer

How to repair a modified address bar with PHP

PHP newbie, I'm trying to make my site tamper proof. I want to reload the page url if somebody modifies the url in the browser address bar. One way I've thought of would be to store the page url in a session variable, to be reused in case of…
Horbat
1 vote, 2 answers

Check for missing (nonexistent / tampered) query string and redirect to a 400 BAD REQUEST page (WebMatrix / Razor syntax)

I can test query string parameters: Request.QueryString["value"].IsEmpty() Request.QueryString["value"].IsInt() Etc. But how can I avoid that there is no query string at all? In other words, I want to prevent users from accessing the root of each…
user1455103
1 vote, 3 answers

Python: encryption as means to prevent data tampering

Many of my company's clients use our data acquisition software on a research basis. Due to the nature of research in general, some of the clients ask that data is encrypted to prevent tampering -- there could be serious ramifications if their data…
Mark Rushakoff
1 vote, 1 answer

Sniffing and tampering with requests and responses of web sites, how to prevent?

I am working on security and other stuff about my web sites. In my country online payments work like PayPal, meaning you should pass some parameters such as Amount, MerchantID, ReturnURL, ResNum (OrderID) by POST method to the bank and the bank will pass some…
SilverLight
0 votes, 1 answer

Prevent data tampering in Response

While reading The Web Application Hacker's Handbook, I tried to make a small test on my own website (ASP.NET MVC3). I have a model which contains two fields; the first field is a disabled dropdownlist. The second is an enabled text field. The…
Anwar