Effects of parameter tampering on business
As a pentester, you will often have to analyze the source code. These days, the world of e-commerce is growing quickly. Consider an example of an e-commerce website, as shown in the following screenshot:
The preceding screenshot shows that the price of a Nokia C7 is 60 and the price of an iPhone 3G is 600. You do not know whether these prices came from the database or are written in the web page. The following screenshot shows the price of both mobiles:
Now, let's look at the source code, as shown in the following screenshot:
Look at the rectangular boxes in the preceding screenshot. The price 60 is written in the web page, but the price 600 is taken from the database. The price 60 can be changed by URL tampering if the GET method is used. The price can be changed to 6 instead of 60. This will badly impact the business. In white-box testing, the client gives you the source code, and you can analyze this code, but...