Web application security - the fast guide Chapter 5: Attack Execution - the client | Page 20

Direct Change to URL parameters
Attack requirement:
1. Information are passed
through parameters
embedded in the URL .
2. Wrong inputs are not well
validated
Attack process
1. This attack considered one of
the easiest attacks, it can be
mainly done without the
need of any tool but in the
worst scenario all what is
needed is:
2. Using a proxy capture the
request.
3. Alter the parameters as
requested directly from URL.
4. Release the altered request.
2017-05-10
Web Application Security Fast Guide (book slides)
By Dr.Sami Khiami
Slide 20