DocumentCode
568495
Title
Detection and Prevention of Data Manipulation from Client Side in Web Applications
Author
Ghafari, Mohammad ; Shoja, Hamid ; Amirani, Mohammad Yosef
Author_Institution
Dept. of Comput. Eng. & Inf. Technol., Payame Noor Univ., Tehran, Iran
fYear
2012
fDate
25-27 June 2012
Firstpage
1132
Lastpage
1136
Abstract
One of the most critical attacks against web applications is data manipulation, which is classified as a logical attack. Such attacks are not identified by automated vulnerability scanners, so they need human surveillance in many cases. This paper provides a server-side validation mechanism which leverages the user's access level to prevent a kind of manipulation of data exchanged between client and server and guarantees originality of data. This manipulation is carried out in order to modify the values of vital parameters in a way in which the user often shouldn't be able to. The results of a case study show the feasibility and applicability of the proposed method in almost all cases. Furthermore, it can be applied to ready applications with few changes to the target application.
Keywords
Internet; client-server systems; computer crime; pattern classification; software maintenance; surveillance; Web applications; automated vulnerability scanners; client side; client-server system; critical attacks; data exchange; data manipulation classification; data manipulation detection; data manipulation prevention; human surveillance; legacy applications; logical attacks; server-side validation mechanism; user access level; Business; Complexity theory; Computers; Databases; Security; Web servers; Access Level; Parameter Manipulation; Privacy; Security; Validation;
fLanguage
English
Publisher
ieee
Conference_Titel
Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on
Conference_Location
Liverpool
Print_ISBN
978-1-4673-2172-3
Type
conf
DOI
10.1109/TrustCom.2012.124
Filename
6296103