Questions tagged [tampering]

Tampering is a process for security testing of web applications.

At the most basic level, a test case is just a series of inputs and expected outputs. Security testing requires tweaking input in ways normally prohibited by well-behaved, normal web browsers.

Security vulnerabilities can be exploited from any type of input. We intend to take you beyond functional testing, and help you tamper with forms, files, GET, POST, AJAX, cookies, headers, and more.

This chapter suggests many ways of tampering with input and may even include common attack patterns, but does not go into detail on the most famous of web security flaws such as XSS, CSRF, and SQL Injection.

Depending on the environment you are given, you might be executing your tests against development servers, staging (i.e., pre-production), or separate QA/testing servers. We would discourage testing against production web applications, unless you really have no alternative. Depending on which environment you’re using, you have a few pitfalls to be aware of and avoid.

If you test against development, be aware that your test environment probably does not map well to your production environment. Web servers, application servers, and the application itself.

73 questions
0 votes, 2 answers

Testing ASP.NET security in Firefox

I'm not sure whether this question belongs on StackOverflow or SuperUser, but here goes nothing... I'm trying to test out some basic security problems on my personal ASP.NET website to see exactly how the custom validators, etc. work when tampering…
Deniz Dogan
0 votes, 1 answer

How to send message in my profile with python

I know my question may not be really good, but as a person who is new to Python I have a question: I wrote code in Python that makes me log in to my page: import urllib, urllib2, cookielib email = 'myuser' password = 'mypass' cj =…
MLSC
0 votes, 1 answer

How to post data to get correct result?

I am trying to do some post. Uses IdBaseComponent, IdTCPConnection, IdTCPClient, IdHTTP, IdComponent, StrUtils, IdSSLOpenSSL; function PostData(const AURL: string; AParamList: TStringList): string; var _idHTTP: TIdHTTP; _ResultStream:…
Edijs Kolesnikovičs
0 votes, 0 answers

JSF 2 form tampering

I am very new to JSF, coming from Struts2 just two days ago! As Struts automatically binds the request parameters to actions, there was a mechanism to help you control this, especially when you used the ModelDriven approach. There you could implement the…
Alireza Fattahi
0 votes, 2 answers

If an image is tampered with some additional content, how to remove that additional content from the image in Java?

I want to know if there is any solution for the following scenario: I have an application which uploads the files, after scanning and transcoding them, onto a server. Suppose, an image file is being uploaded which has been tampered with some…
Vaibhav Sawalkar
0 votes, 6 answers

How to tamper with source IP address on Windows

We have a testing scenario which needs to tamper with the source IP address of an HTTP request to simulate clients coming from different countries. Do you know of any tool that helps with this? Last but not least, our web site is built with ASP.NET. Thanks.
Ricky
0 votes, 3 answers

solution for: select input, dropdown tampering prevention

for hidden field tampering protection: Id, RowVersion, I use a version of Adam Tuliper AntiModelInjection. I'm currently investigating a way to prevent tampering of valid options found in select lists/drop downs. Consider a multitenant shared…
Leblanc Meneses
0 votes, 1 answer

mvc c# url change makes me signed in as another user, how to prevent this?

I am using following code for user authentication Home Controller: ------------------ [AllowAnonymous] [HttpPost] public JsonResult JsonLogin(SecurityDTO usr) { var cnt = _ipres.CheckLoginCount(usr); if (cnt…
Kittu
0 votes, 1 answer

Tamper data post parameters to prove the NULL pointer case (JAVA JSP)

A NULL pointer exception occurred in production. I am trying to replicate the runtime exception on my local system. I am actually using the Firefox tamper tool to intercept the post parameters. I entered NULL values in the tamper…
Pras
0 votes, 1 answer

Android: Detecting user tampering with phone

I'd like to detect when a user presses any hardware button on a sleeping Android phone (or at least the home and the power button). Until now I have used a BroadcastReceiver for the ACTION_SCREEN_ON event, which works great but it is also raised…
DominicM
-1 votes, 1 answer

How to avoid parameter tampering and interception in a web application?

We have an HTML page with a form, and assuming that just before submitting the form, the request is intercepted and the values entered by the authorized user are tampered with by some hacking tool. How can we remediate or prevent such in a web…
-1 votes, 1 answer

How would you design a system to secure log information in Linux?

I am trying to learn how to secure a Linux server. I have started with basic logging and authentication. I would like to know if anyone can steal my logging info in default mode. If yes, then how can I secure it? I have already been googling, but…
-3 votes, 1 answer

Problems with Excel - Is a third party tampering with my computer?

The following codes did not work for me, today. I think somebody is tampering with my computer. I wonder, how this could be duplicated, or is there an error with my code: 'number of rows for a certain column: dim c as integer c =…