Eccouncil Exam ECSAv10 Topic 8 Question 3 Discussion

Actual exam question for Eccouncil's ECSAv10 exam

Question #: 3
Topic #: 8

The Web parameter tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc.

Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control. This attack takes advantage of the fact that many programmers rely on hidden or fixed fields (such as a hidden tag in a form or a parameter in a URL) as the only security measure for certain operations.

Attackers can easily modify these parameters to bypass the security mechanisms that rely on them.

What is the best way to protect web applications from parameter tampering attacks?

AValidating some parameters of the web application

BMinimizing the allowable length of parameters

CUsing an easily guessable hashing algorithm

DApplying effective input field filtering parameters

Show Suggested Answer

Suggested Answer: D

by Gregoria at May 04, 2022, 03:23 PM

Limited Time Offer

25%

Off

Get Premium ECSAv10 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!