What is Parameter Tampering?

Parameter tampering is a sophisticated form of hacking that creates a change in the Uniform Resource Locator, or URL, associated with a web page. Essentially, parameter tampering makes it possible for the hacker to gain access to any information entered by an end user on an effected web page, and redirect it to the hacker for unauthorized use. This type of hacking activity is often employed to gain access to personal information such as credit card numbers, government issued identification numbers, and other data that is of a proprietary nature.

One of the more common tools used to minimize the potential for parameter tampering is the firewall. As part of the operation of a firewall, each parameter or identifying data that defines a web page must be verified in order to allow full access to the page. If any single parameter does not meet with the standards established during the implementation of the firewall, access is blocked and cannot be secured by a hacker.

Various other settings can be put in place to limit the ability of a hacker to make use of parameter tampering. Like a firewall, these settings verify the status of all parameters and make sure nothing is amiss. This verification process will look at the numeric range that was set for the web page as well as the minimum and maximum lengths of the entered strings that are applied to the page. If any parameter does not match the original configuration, then access is denied.

Even with these safeguards in place, it is recommended that any computer network undergo a scheduled security check in order to identify any possible attempts to employ parameter tampering by an outside source. The routine security checks can often spot potential weaknesses in the current security settings and make it possible to protect the URLs from newer and more potent viruses and other dangers that could overcome current security protocols.

Both whitelisting and blacklisting are employed as tools to limit parameter tampering. Whitelisting essentially works to accept only input that is deemed allowable by the current security settings. Blacklisting focuses more on refusing to allow access using any input that is not specifically included in the security protocols. Depending on the degree and type of security protection desired, one or both of these tools may be employed simultaneously.