Title :
Detection and Prevention of Data Manipulation from Client Side in Web Applications
Author :
Ghafari, Mohammad ; Shoja, Hamid ; Amirani, Mohammad Yosef
Author_Institution :
Dept. of Comput. Eng. & Inf. Technol., Payame Noor Univ., Tehran, Iran
Abstract :
One of the most critical attacks against web applications is data manipulation, which is classified as a logical attack. Such attacks are not identified by automated vulnerability scanners, so they need human surveillance in many cases. This paper provides a server-side validation mechanism that leverages the user's access level to prevent a kind of manipulation of data exchanged between client and server and guarantees the originality of the data. This manipulation is carried out to modify the values of vital parameters in a way that the user often shouldn't be able to. The results of a case study show the feasibility and applicability of the proposed method in almost all cases. Furthermore, it can be applied to existing applications with few changes to the target application.
Keywords :
Internet; client-server systems; computer crime; pattern classification; software maintenance; surveillance; Web applications; automated vulnerability scanners; client side; client-server system; critical attacks; data exchange; data manipulation classification; data manipulation detection; data manipulation prevention; human surveillance; legacy applications; logical attacks; server-side validation mechanism; user access level; Business; Complexity theory; Computers; Databases; Security; Web servers; Access Level; Parameter Manipulation; Privacy; Security; Validation;
Conference_Title :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on
Conference_Location :
Liverpool
Print_ISBN :
978-1-4673-2172-3
DOI :
10.1109/TrustCom.2012.124