Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
Hidden fields within web pages can be used to save information about a client session. This option can also be applied in order to store session variables that enable persistence across multiple website pages, such as maintaining the contents of a shopping cart on a retail web site. The most probable web-based attack due to the use of hidden fields is:
Parameter tampering.
Cookie poisoning.
Stealth commanding.
Cross-site scripting.
Web application developers sometimes use hidden fields to save information about a client session or to submit hidden parameters, such as the language of the end user, to the underlying application. Since hidden form fields do not display in the browser, developers may feel safe passing invalidated data in the hidden fields (to be validated later). This practice is not safe since an attacker can intercept, modify and submit requests which can discover information or perform functions that the web developer never intended. The malicious modification of web application parameters is known as parameter tampering. Cross-site scripting involves the compromise of the web page to redirect users to content on the attacker web site. The use of hidden fields has no impact on the likelihood of a cross-site scripting attack since these fields are static content that cannot ordinarily be modified to create this type of attack. Web applications use cookies to save session state information on the client machine so that the user does not need to log on every time a page is visited. Cookie poisoning refers to the interception and modification of session cookies in order to impersonate the user or steal logon credentials. The use of hidden fields has no relation to cookie poisoning. Stealth commanding is the hijacking of a web server by the installation of unauthorized code. While the use of hidden forms may increase the risk of server compromise, the most common server exploits involve vulnerabilities of the server operating system or web server.
Train with Skillset and pass your certification exam. Faster. Guaranteed.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.