What is Parameter Tampering?

Malcolm Tatum
Malcolm Tatum

Parameter tampering is a sophisticated form of hacking that creates a change in the Uniform Resource Locator, or URL, associated with a web page. Essentially, parameter tampering makes it possible for the hacker to gain access to any information entered by an end user on an effected web page, and redirect it to the hacker for unauthorized use. This type of hacking activity is often employed to gain access to personal information such as credit card numbers, government issued identification numbers, and other data that is of a proprietary nature.

Parameter tampering is a form of hacking involving the change in a web page's URL.
Parameter tampering is a form of hacking involving the change in a web page's URL.

One of the more common tools used to minimize the potential for parameter tampering is the firewall. As part of the operation of a firewall, each parameter or identifying data that defines a web page must be verified in order to allow full access to the page. If any single parameter does not meet with the standards established during the implementation of the firewall, access is blocked and cannot be secured by a hacker.

Various settings can be put in place to limit a hacker's ability to make use of parameter tampering.
Various settings can be put in place to limit a hacker's ability to make use of parameter tampering.

Various other settings can be put in place to limit the ability of a hacker to make use of parameter tampering. Like a firewall, these settings verify the status of all parameters and make sure nothing is amiss. This verification process will look at the numeric range that was set for the web page as well as the minimum and maximum lengths of the entered strings that are applied to the page. If any parameter does not match the original configuration, then access is denied.

Even with these safeguards in place, it is recommended that any computer network undergo a scheduled security check in order to identify any possible attempts to employ parameter tampering by an outside source. The routine security checks can often spot potential weaknesses in the current security settings and make it possible to protect the URLs from newer and more potent viruses and other dangers that could overcome current security protocols.

Both whitelisting and blacklisting are employed as tools to limit parameter tampering. Whitelisting essentially works to accept only input that is deemed allowable by the current security settings. Blacklisting focuses more on refusing to allow access using any input that is not specifically included in the security protocols. Depending on the degree and type of security protection desired, one or both of these tools may be employed simultaneously.

Malcolm Tatum
Malcolm Tatum

After many years in the teleconferencing industry, Michael decided to embrace his passion for trivia, research, and writing by becoming a full-time freelance writer. Since then, he has contributed articles to a variety of print and online publications, including EasyTechJunkie, and his work has also appeared in poetry collections, devotional anthologies, and several newspapers. Malcolm’s other interests include collecting vinyl records, minor league baseball, and cycling.

You might also Like

Discuss this Article

Post your comments
Login:
Forgot password?
Register: