What is Hidden Manipulation?
Hidden manipulation, which primarily targets e-commerce websites, is one of the most common hacking practices today. In this type of attack, the hacker manipulates hidden form fields to alter the data stored in them.
How does it work?
Hidden manipulation is generally conducted against online stores. During client sessions, developers employ hidden fields to store information related to the client. Generally, the fields include price and discount rates. Because a hidden field is part of the HTML page sent to the browser and is sent back when the form is submitted, its value is under the client's control.
Let's take, for example, a website that deals in watches, where the listed price of one of the watches is $500. The hidden field was added to the application to facilitate rapid development and is intended to store the price of the watch. A developer working on the application might assume that the information in the hidden field will stay intact and unharmed. However, a hacker can alter that value using a common Netscape HTML Editor; he might change the value $500 to $20.
Thus, using hidden manipulation and an HTML editor, he can not only submit the slightly altered HTML page, but can also execute and conclude a transaction for the price-manipulated item. The hacker has successfully set his own price and purchased the item at a reduced value.
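The watch scenario above from the server's side, as an added example that is not part of the original page: a checkout handler that trusts the hidden price field, next to two hardened forms (price looked up on the server, and a hidden field protected by an HMAC). The catalogue, key, field names and function names are all hypothetical.

```python
import hashlib
import hmac

# Constructed sample data (assumptions for this example only).
CATALOG = {"watch-001": 50000}            # price in cents ($500)
SECRET_KEY = b"example-only-server-side-key"

def sign(item_id, price):
    """HMAC-SHA256 over the values the server placed in the form."""
    msg = f"{item_id}|{price}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()

def render_hidden_fields(item_id):
    """Hidden fields the server embeds in the order form."""
    price = CATALOG[item_id]
    return {"item_id": item_id, "price": str(price), "sig": sign(item_id, price)}

def checkout_vulnerable(form):
    """Charges whatever price the browser sends back."""
    return int(form["price"])

def checkout_server_price(form):
    """Ignores the submitted price; the catalogue is the source of truth."""
    item_id = form.get("item_id")
    if item_id not in CATALOG:
        raise ValueError("unknown item")
    return CATALOG[item_id]

def checkout_signed(form):
    """Accepts the round-tripped price only if its HMAC verifies."""
    try:
        price = int(form["price"])
        ok = hmac.compare_digest(sign(form["item_id"], price), form["sig"])
    except (KeyError, ValueError, TypeError):
        ok = False                        # missing or malformed field
    if not ok:
        raise ValueError("hidden field was modified")
    return price

if __name__ == "__main__":
    form = render_hidden_fields("watch-001")
    tampered = dict(form, price="2000")   # $500 edited down to $20
    print("vulnerable charges:", checkout_vulnerable(tampered))
    print("server lookup charges:", checkout_server_price(tampered))
```

The server-side lookup is the simpler fix when the price can be derived from the item; the signed field only shows how to detect modification when a value has to travel through the browser.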
What are the Risks?
Website owners and companies that conduct online business are rightly worried about these types of attacks. Many have employed traditional security techniques to protect their networks, such as sound anti-virus software, a firewall, or the latest intrusion detection software. However, although these hidden fields are beyond the reach of everyday users, hackers who have programming knowledge can infiltrate the fields and their data, and ultimately exploit them. Additionally, hidden manipulation attacks have the potential to expose crucial business information of website entities and can ultimately make the online store suffer huge losses. As the number of hidden manipulation attacks increases, websites risk losing credibility with their clients.
What we can do
As a part of our comprehensive managed IT security services, Hacker4Lease provides security risk assessment services, as well as application security services. We are the industry leaders in developing and implementing IT security services management plan solutions to protect you from the full range of IT security attacks.
Please contact us for more information.
© 2012 Toronto Professional services LTD. All rights reserved