https://dl.acm.org/doi/abs/10.1145/2435349.2435365

BibTeX

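% ACM Digital Library export for the TamperProof paper (CODASPY 2013), normalised:
%   - one field per line; citation key unchanged so existing \cite commands still resolve
%   - page range written with a double hyphen instead of a Unicode en dash
%   - TamperProof, ACM and CODASPY brace-protected so sentence-casing styles keep their capitals
%   - curly quotes replaced with ASCII apostrophes for 8-bit BibTeX toolchains
% NOTE(review): address is the publisher's city and location is the conference venue, as ACM
% exports them; biblatex treats address as an alias of location, so check the output there.
@inproceedings{10.1145/2435349.2435365,
  author    = {Skrupsky, Nazari and Bisht, Prithvi and Hinrichs, Timothy and Venkatakrishnan, V. N. and Zuck, Lenore},
  title     = {{TamperProof}: a server-agnostic defense for parameter tampering attacks on web applications},
  booktitle = {Proceedings of the Third {ACM} Conference on Data and Application Security and Privacy},
  series    = {{CODASPY} '13},
  pages     = {129--140},
  numpages  = {12},
  year      = {2013},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {San Antonio, Texas, USA},
  isbn      = {9781450318907},
  doi       = {10.1145/2435349.2435365},
  url       = {https://doi.org/10.1145/2435349.2435365},
  keywords  = {prevention, parameter tampering},
  abstract  = {Parameter tampering attacks are dangerous to a web application whose server performs weaker data sanitization than its client. This paper presents TamperProof, a methodology and tool that offers a novel and efficient mechanism to protect Web applications from parameter tampering attacks. TamperProof is an online defense deployed in a trusted environment between the client and server and requires no access to, or knowledge of, the server side codebase, making it effective for both new and legacy applications. The paper reports on experiments that demonstrate TamperProof's power in efficiently preventing all known parameter tampering vulnerabilities on ten different applications.},
}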