Forum Discussion
pcastagnaro_709
Nimbostratus
Mar 12, 2013
Parameter Tampering
Dear all,
I want to know how I can prevent users from manipulating the URL and circumventing a security permission.
For example, a user clicks a link: http://myweb.com/student_data/academic...
pcastagnaro_709
Nimbostratus
Mar 13, 2013
Posted By nathan on 03/12/2013 02:58 PM
Dependent on the answer to Mike's question, could a flow policy work for you?
Rgds
N
I think a flow policy involves a vulnerability, because if an attacker wants to access /student_data/academic_data.jsp?studentID=AAA12345, he could make the request, tamper with it by adding a Referer header, and the application will show him the requested page.
Is that correct?
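Added example (not part of the thread, and not F5 or application code): the scenario from the post above, modelled in Python. It contrasts a check that trusts the Referer header with a server-side check that ties studentID to the logged-in session; the session table, the menu.jsp entry page and the function names are assumptions.

```python
# Added example: constructed requests and a hypothetical session store.
from urllib.parse import urlsplit, parse_qs

# Hypothetical server-side session table: session id -> authenticated student.
SESSIONS = {"sess-alice": "AAA12345", "sess-bob": "BBB67890"}
# Assumed entry page that links to the academic data page.
EXPECTED_REFERER = "http://myweb.com/student_data/menu.jsp"

def requested_student(url):
    """Extract the studentID query parameter from the request URL."""
    values = parse_qs(urlsplit(url).query).get("studentID", [])
    # Reject missing or duplicated parameters rather than guessing which one wins.
    return values[0] if len(values) == 1 else None

def referer_check(url, headers, cookies):
    """Weak: trusts a header whose value is chosen by the client."""
    return headers.get("Referer") == EXPECTED_REFERER

def ownership_check(url, headers, cookies):
    """Strong: compares the requested record with the logged-in identity."""
    owner = SESSIONS.get(cookies.get("session"))
    student = requested_student(url)
    return owner is not None and student is not None and owner == student

# Constructed requests: Bob asks for Alice's record and supplies a Referer himself;
# Alice asks for her own record with no Referer at all.
URL = "http://myweb.com/student_data/academic_data.jsp?studentID=AAA12345"
TAMPERED = (URL, {"Referer": EXPECTED_REFERER}, {"session": "sess-bob"})
LEGIT = (URL, {}, {"session": "sess-alice"})

def decide(request):
    """Run both checks on one (url, headers, cookies) request."""
    return {"referer": referer_check(*request),
            "ownership": ownership_check(*request)}

if __name__ == "__main__":
    print("tampered:", decide(TAMPERED))
    print("legit:   ", decide(LEGIT))
```

The ownership check does not depend on how the user navigated to the page, so it gives the same answer whether or not the Referer header is present.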