Hardware Secrets
Home | Camera | Case | CE | Cooling | CPU | Input | Memory | Mobile | Motherboard | Networking | Power | Storage | Video | Other
Content
Articles
Editorial
First Look
Gabriel’s Blog
News
Reviews
Tutorials
Main Menu
About Us
Awarded Products
Datasheets
Dictionary
Download
Drivers
Facebook
Links
Manufacturer Finder
Newsletter
RSS Feed
Test Your Skills
Twitter
Newsletter
Subscribe today!
Search
Recommended
Networking Bible
Networking Bible, by Barrie Sosinsky (Wiley), starting at $1.49


Home » Networking
Testing the Security of Your Website – Part 3
Author: Gabriel Torres 11,184 views
Type: Tutorials Last Updated: November 5, 2013
Page: 1 of 3
Data Manipulation

Some programmers trust that users will access a webpage the way the developer intended. What if the user tries to manipulate and change variables? What will happen? This is something you must test on your website.

This subject is better explained through examples. Let’s say you have an online store where the user can see his order through a link such as http://www.yoursite.com/orders.php?id=12345. What happens if the user tries to change his order number to a different number on the URL? Will he be able to see orders posted by other clients? In a well-designed script, the user will only be able to see his own orders, and give an error message if the user tries to manually manipulate the variable.

On another example, let’s say you have a website with a link such as http://www.yoursite.com/article.php?id=12345, which we assume displays article number 12345 from your database. What happens if the user tries to change the variable to a number of an article that does not exist? On a well-designed script, it will display an error message, whereas on a poorly designed script the page will be displayed with the text missing, which is not desirable.

And what happens if the user tries to manipulate the variable in a more drastic way? That is our next subject.

Print Version | Send to Friend | Bookmark Article Page 1 of 3  | Next »

Related Content
  • Testing Your Computer Security
  • Protecting Your Computer Against Invasions
  • Intel LaGrande Technology Explained
  • Testing the Security of Your Website Part 1
  • Testing the Security of Your Website Part 2

  • RSSLatest Content
    ASUS ZenFone 5 Smartphone Review
    October 15, 2014 - 7:00 PM
    ASUS AM1M-A Motherboard
    October 15, 2014 - 4:30 AM
    ASRock X99 Extreme4 Motherboard
    October 14, 2014 - 4:10 AM
    Cooler Master Elite 130 Case Review
    October 9, 2014 - 2:46 AM
    ASUS RAMPAGE V EXTREME Motherboard
    October 7, 2014 - 2:50 AM
    ASRock Fatal1ty X99M Killer Motherboard
    October 6, 2014 - 5:40 AM
    ASUS X99-DELUXE Motherboard
    September 30, 2014 - 1:07 AM
    MSI GT70 2PE Dominator Pro Laptop Review
    September 25, 2014 - 1:15 AM
    Sony Xperia T3 Smartphone Review
    September 22, 2014 - 1:50 AM







    2004-14, Hardware Secrets, LLC. All rights reserved.
    Advertising | Legal Information | Privacy Policy
    All times are Pacific Standard Time (PST, GMT -08:00)