Tampering means changing or deleting a resource without authorization. A web application is an application that is accessed through a web browser over the internet. Data tampering in web applications is the way in which a hacker or malicious user gets into a web site and changes, deletes or accesses unauthorized files. A hacker or malicious user can also tamper indirectly through a script exploit, that is, by getting a script to execute by disguising it as user input on a page or as a web link.
Tampering is one of the biggest security threats faced by web applications. It is used to change or edit files found in web applications, which are often used by multi-million dollar business corporations across the world. Tampering started in the late 1980s as a way to sabotage data or plant a malicious or destructive program to delete data. Since then it has progressed and evolved through the years. In the year 2000, hackers were able to perform data fabrication and falsification to deceive the users of web applications. From then on, tampering with web applications has become easier for attackers because of the advanced technology produced and released every year; that is to say, these technologies provide easy-to-use tools and application programs that simplify data tampering or data manipulation in computer systems.
Types of Data Tampering
Data tampering or data manipulation is usually carried out in one of the following ways: cookies, HTML form fields, URL query strings, HTTP headers and password cracking.
- COOKIE TAMPERING: Cookies are used as a mechanism to store user details, preferences and other data, including session tokens. Cookies, whether persistent or non-persistent, secure or insecure, can be altered by the user and sent to the server with Uniform Resource Locator (URL) requests; therefore any malicious user or hacker can modify cookie content to his advantage, allowing the attacker to access the files he wants.
- HTML FORM FIELDS TAMPERING: When a user makes selections or changes on a web or HTML page, the selection is stored as form field values which are then delivered to the application in an HTTP request. HTML forms usually store such values as hidden fields, which are not shown on the user's screen but are collected and submitted as string parameters when the form is submitted. Whether these form fields are hidden, pre-selected or free-form, they can all be tampered with or manipulated by the hacker to submit whatever values he or she chooses.
- URL QUERY STRINGS TAMPERING: URL tampering comes with all of the problems associated with hidden form fields. HTML forms submit their results by one of two methods, POST or GET. Usually the GET method is used, which shows all form element names and their values in the query string of the next URL that the hacker sees. Hackers find tampering with query strings easier than tampering with hidden form fields: all the hacker has to do is look at the URL in the address bar. For example, a web page allows the authenticated user to select one of his pre-populated accounts from a drop-down box and debit the account by a fixed unit amount. His or her choice is recorded by pressing the submit button. The page actually stores the entries in form field values and submits them with a form submit command, which sends the following HTTP request: http://www.victim.com/example?accountnumber=12345&debitamount=1. All the hacker then has to do is construct his or her own account number and change the parameters, like the following: http://www.victim.com/example?accountnumber=67891&creditamount=999999999.
- HTTP HEADER TAMPERING: HTTP headers are used by the web server software and the user agent only; most web applications do not use them. Some web developers choose to monitor incoming headers, and it is important to note that request headers originate on the client (user) side, so they can be altered by an attacker. Normal web applications do not allow header alteration or modification, so a hacker has to write his own program to perform the HTTP request, or may use a freely available proxy that allows easy modification of any data sent between the browser and the web application.
- PASSWORD CRACKING TAMPERING: A password cracker is an application program that helps a hacker or malicious user identify an unknown password for a computer or network resource in order to obtain unauthorized access to that resource. The hacker attempts to obtain valid credentials from an authentication system through large numbers of repeated authentication attempts with different passwords. Password cracking programs use two primary methods to identify the correct password: brute force and dictionary searches. With brute force, the program simply runs through all combinations of characters up to a predetermined length until it identifies the correct combination for the system. With a dictionary search, the program tries each word in a dictionary as the password for the system.
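The query-string case above is the clearest of these to defend against in code. The following is an added example, not code from the original article: a request handler that trusts the accountnumber and debitamount parameters as received (the tampering bug), beside a hardened handler that checks the account against the logged-in session, rejects parameters the form never sends, and takes the debit amount from server-side state. The account-owner table, balances and session user are constructed for illustration.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import urlsplit, parse_qs

# Constructed server-side state: which user owns which account (not from the article).
ACCOUNT_OWNER = {"12345": "alice", "67891": "bob"}
FIXED_DEBIT = Decimal("1")                       # the page debits a fixed unit amount
ALLOWED_PARAMS = {"accountnumber", "debitamount"}  # the only names the real form sends

def parse_request(url):
    """Return the query-string parameters as a flat dict (first value of each name)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def handle_debit_vulnerable(url, balances):
    """Trusts the query string as received: account, amount, and even a
    'creditamount' parameter that the form never offered."""
    params = parse_request(url)
    account = params["accountnumber"]
    amount = Decimal(params.get("debitamount", "0"))
    credit = Decimal(params.get("creditamount", "0"))
    balances[account] = balances[account] - amount + credit
    return balances[account]

def check_debit_request(url, session_user):
    """Validate every client-supplied value against server-side state.
    Returns None when the request is acceptable, otherwise the rejection reason."""
    params = parse_request(url)
    if set(params) - ALLOWED_PARAMS:
        return "unexpected parameter"
    account = params.get("accountnumber", "")
    # Ownership check: the account must belong to the authenticated user, not just exist.
    if ACCOUNT_OWNER.get(account) != session_user:
        return "account not owned by session user"
    try:
        amount = Decimal(params.get("debitamount", ""))
    except InvalidOperation:
        return "non-numeric amount"
    # The amount is dictated by the server; the client may only echo it back.
    if amount != FIXED_DEBIT:
        return "amount differs from server-side fixed debit"
    return None

def handle_debit_hardened(url, session_user, balances):
    """Apply the debit only after check_debit_request accepts the request."""
    reason = check_debit_request(url, session_user)
    if reason is not None:
        raise PermissionError(f"request rejected: {reason}")
    account = parse_request(url)["accountnumber"]
    if balances[account] < FIXED_DEBIT:
        raise ValueError("insufficient funds")
    balances[account] -= FIXED_DEBIT
    return balances[account]
```

Logging the rejection reason alongside the session user gives the security team a direct signal of parameter tampering attempts against the application.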
Risks Involved in Data Tampering
Data tampering creates risks such as important information being exposed, files being deleted, eavesdropping on private conversations, and important messages being changed or altered. The major risks involved in data tampering are:
- A hacker can eavesdrop on important conversations.
- The browser cache may contain the contents of private messages.
- Insufficient data validation may allow SQL injection: SQL injection is a process whereby the hacker inserts malicious code into strings that are later passed to a SQL server for parsing and execution, leaving it open to attack.
- Hackers or attackers may be able to read, change or alter other users' messages.
- Authorization may fail, allowing unauthorized access that leads to the deletion of important files.
Data tampering is often carried out for business purposes, that is, rival companies attack each other to gain important information about one another, such as sales files or details of prototype products, which are stolen for the other company's benefit. This can end with one company closing down because its archives of important files, which are needed to keep the company running its day-to-day activities, have been deleted.
Prevention and Countermeasures
A primary defense against data tampering is to use a firewall and Windows security to lock down important files, directories and other resources. The web application should also run with minimum privileges. Guard against script exploits by not trusting any information that comes from a user, or even from a database. Appropriate and safe steps should be taken when handling information from untrusted sources, to make sure it does not contain any malicious executable code.
Countermeasures to prevent data tampering include: data signing and hashing, digital signatures, strong authorization, tamper-resistant protocols across communication links, secure communication links with protocols that provide message integrity, strong firewalls, long passwords consisting of alphanumeric characters, and blocking IP addresses for a certain period of time after repeated failed login attempts by the attacker.
Access controls should also be used to protect data in persistent stores, ensuring that only authorized users can access and modify the data, and role-based security should be used to define which users can view data and which users can modify it.
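The "data signing and hashing" countermeasure above is what lets a server detect the cookie and hidden-field tampering described earlier. The following is an added example, not code from the original article: server-chosen fields (here the account number and debit amount from the earlier request) are serialized and tagged with HMAC-SHA256 before being placed in a cookie or hidden field, and on return the tag is checked with a constant-time comparison. The key is generated here for illustration; a real deployment would load it from protected configuration.

```python
import base64, binascii, hashlib, hmac, json, secrets

# Constructed server-side secret; never sent to the client.
SERVER_KEY = secrets.token_bytes(32)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_fields(fields: dict, key: bytes = SERVER_KEY) -> str:
    """Serialize server-chosen fields canonically and append an HMAC-SHA256 tag.
    The result ('payload.tag') is what goes into the cookie or hidden field."""
    payload = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"

def verify_fields(token: str, key: bytes = SERVER_KEY):
    """Return the fields if the tag is valid, otherwise None.
    Any edit to the payload, however small, invalidates the tag."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison: no timing side channel on the tag check.
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(payload)

def edit_payload_without_key(token: str, new_fields: dict) -> str:
    """Simulates a user rewriting the hidden field's value in the browser:
    the payload changes, but without the key the old tag must be reused."""
    _, tag_b64 = token.split(".")
    payload = json.dumps(new_fields, sort_keys=True, separators=(",", ":")).encode()
    return f"{_b64(payload)}.{tag_b64}"
```

Signing proves the value came from the server unmodified; it does not hide it, so a secret would additionally need encryption.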