A parameter tampering attack is an attack on a web application in which the attacker manipulates hidden form variables in an attempt to disrupt the application.
Countermeasures for this attack include:
- Effective input field filtering. Input fields should be filtered to remove all characters that might be a part of an input injection. Which characters are removed will depend upon the types of software used by the application.
- Application firewall. Network firewalls inspect only the source and destination addresses and the port numbers, but not the contents of network packets. Application firewalls examine the contents of packets and block packets containing input attack code and other unwanted data.
- Variable integrity checking. If your application uses values in hidden fields to communicate parameters from page to page, consider adding a variable that is a computed hash of the other variables. Make sure your algorithm for hashing the hidden variables cannot be easily guessed, or consider using encryption in addition to hashing. When each page begins to process its variables, compute the hash again and compare it to the value of the hash variable. If the values differ, you know that your variables have been tampered with, and you can log the incident and exit gracefully.
- Application vulnerability scanning. Organizations that develop their own applications for online use should scan those applications for input attack vulnerabilities, in order to identify vulnerabilities prior to their being discovered and exploited by outsiders.
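The variable integrity check described above, as an added example that is not part of the original text: the server attaches a keyed hash (HMAC, chosen here as the "not easily guessed" algorithm; an unkeyed hash could be recomputed by anyone who can read the form) over the hidden fields when it renders the page, and recomputes and compares it when the next page receives the submission. The secret, field names and values are constructed for the example.

```python
import hmac
import hashlib
from urllib.parse import urlencode

# Constructed example secret. A real application loads this from configuration
# or a secrets store; it must never be sent to the client.
SERVER_SECRET = b"example-secret-not-for-production"

# Hidden fields that the application carries from one page to the next.
PROTECTED_FIELDS = ("item_id", "unit_price", "quantity")


def compute_token(fields: dict) -> str:
    """Keyed hash over the protected hidden-field values, in a fixed order."""
    # urlencode escapes '&' and '=' inside values, so two different sets of
    # values can never serialise to the same string and collide.
    canonical = urlencode([(k, str(fields[k])) for k in PROTECTED_FIELDS])
    return hmac.new(SERVER_SECRET, canonical.encode(), hashlib.sha256).hexdigest()


def render_hidden_fields(fields: dict) -> dict:
    """Server side, when emitting the form: add the token as its own hidden field."""
    out = {k: str(fields[k]) for k in PROTECTED_FIELDS}
    out["integrity"] = compute_token(out)
    return out


def verify_submission(submitted: dict) -> bool:
    """Server side, when the next page receives the form: recompute and compare.

    Returns False on any mismatch or missing field; the caller should log the
    incident and stop processing rather than trust the submitted values.
    """
    try:
        values = {k: submitted[k] for k in PROTECTED_FIELDS}
        claimed = submitted["integrity"]
    except KeyError:
        return False  # a missing field or token is treated as tampering
    expected = compute_token(values)
    # Constant-time comparison so the check does not leak the token byte by byte.
    return hmac.compare_digest(expected, claimed)


if __name__ == "__main__":
    form = render_hidden_fields({"item_id": "sku-42", "unit_price": "19.99", "quantity": "1"})
    print("untouched form accepted:", verify_submission(form))
    tampered = dict(form, unit_price="0.01")  # client edits a hidden field
    print("tampered form accepted:", verify_submission(tampered))
```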
These countermeasures lower the risk of parameter tampering by making the application more robust and/or protected from input attacks.