VtigerCRM Security Changes - Prevent Parameter Tampering + Escaping/Encoding and Input Validation

Closed Posted 4 years ago Paid on delivery

1) Parameter Tampering:

Parameter tampering attacks target the application business logic. Attackers can easily modify these parameters to bypass the security mechanisms that rely on them. Insufficient validation of such parameters could allow attackers to severely compromise the application resources as well as its operation.

Solutions required:

a) Query String: Deny misuse/manipulation of the query strings of URLs in the browser.

b) Post data: Use POST data instead of GET data and clean the information received through the POST parameter.

c) Headers: Both HTTP requests and responses use headers to deliver information about the HTTP message. All HTTP headers must be validated since headers such as the "referrer" or "user-agent" are often logged to a database for traffic statistics. Failure to validate this information could thus allow attackers to inject malicious data into the logs and execute arbitrary commands.

d) Cookies: Cookie values can be tampered with, so prevent misuse of cookies.

2) Input Reflected in Response:

Reflection of input arises when data is copied from a request and echoed into the application's immediate response.

Solution required:

Escaping/Encoding and Input Validation should be done.

vTiger PHP MySQL

Project ID: #23832095
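An added example, not part of the original posting and not Vtiger's own code: one way the controls requested above (parameter validation, header cleaning before logging, tamper-evident cookies, output encoding) could look in PHP. The function names, the `record` parameter name and the `COOKIE_KEY` constant are assumptions made for illustration, and the inputs are constructed samples.

```php
<?php
declare(strict_types=1);

// Assumption: in a real deployment the key comes from server-side config.
const COOKIE_KEY = 'replace-with-random-server-side-secret';

// 1d) Cookies: attach an HMAC so any client-side edit is detected.
// Signing detects tampering; it does not replace server-side authorization.
function sign_cookie(string $value): string {
    return base64_encode($value) . '.' . hash_hmac('sha256', $value, COOKIE_KEY);
}

function verify_cookie(string $cookie): ?string {
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) return null;
    $value = base64_decode($parts[0], true);
    if ($value === false) return null;
    $expected = hash_hmac('sha256', $value, COOKIE_KEY);
    return hash_equals($expected, $parts[1]) ? $value : null; // constant-time compare
}

// 1c) Headers: drop control characters (CR/LF included) and cap the length
// before the value is logged; the database write itself should be a prepared statement.
function clean_header_for_log(string $raw, int $max = 256): string {
    $clean = preg_replace('/[\x00-\x1F\x7F]/', '', $raw) ?? '';
    return substr($clean, 0, $max);
}

// 1a/1b) Parameters: validate against the expected type; reject, do not repair.
function validated_record_id(array $params): ?int {
    $id = filter_var($params['record'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// 2) Reflected input: encode for the HTML context at output time.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs (not taken from a real request).
$cookie   = sign_cookie('role=user');
$tampered = base64_encode('role=admin') . substr($cookie, strpos($cookie, '.'));
var_dump(verify_cookie($cookie));    // original value is returned
var_dump(verify_cookie($tampered));  // edited value fails the MAC check
var_dump(clean_header_for_log("Mozilla/5.0\r\nforged log line"));
var_dump(validated_record_id(['record' => '42 OR 1=1']));
echo h('<b>"name"</b>'), "\n";
```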

About the project

2 proposals Remote project Active 4 years ago

2 freelancers are bidding on average ₹23000 for this job

TMITServices

Hi, Based on your mentioned description, most of the requirement is clear. Let us talk over chat or maybe schedule a call to discuss this further. I am looking ahead to your kind revert on this. Regards Ahmad Abraz

₹30000 INR in 15 days