Why is URL Manipulation a Security Concern?
If you’ve spent any time using a computer, you probably know what a URL is. It is the address of a website. It typically starts with “http//:” or “https://” and directs the Internet browser on where the user would like to surf. Nowadays a threat could be created by manipulating the URL. Today, we’ll take you through this threat.
Before we get into the manipulation of the URL, let’s define its parts.
At the beginning of the URL there is the protocol. This tells the computing network which language is being used. For most Internet-based directions, the protocol will be HTTP, for Hypertext Transfer Protocol. Other protocols you’ll see include File Transfer Protocol (FTP), News, and Mailto.
The next part is the ID and password. Since most people don’t want their login credentials exposed, they leave this information out of the URL. Safety first.
The next part of the URL is the server name. The server name provides users a path to access information stored on specific servers whether they are loaded through a domain or through the IP address associated with that server.
The fourth part of the URL is the port number. This number is associated with the services on the server and tells them what type of resources are being requested. The default port is port 80, which can be left off the URL as long as the information that is being requested is associated with port 80. You’ll often not see the port number during day-to-day surfing, because most legitimate sites use the standard port 80.
The final part of the URL is what is called the path. The path gives direct access to the resources found tied to the IP (or domain).
Manipulating the URL
When a hacker looks to manipulate a URL, he/she does so by changing parts of the URL to test access. Since most users navigate a website through traditional means--that is that they use the links provided on the website--sometimes hackers can find vulnerabilities by a trial and error approach.
By manipulating the parameters to try different values, hackers can test directories and file extensions randomly to find the resources they are after. This provides access to resources that typically wouldn’t be available and would otherwise be protected. Today, hackers have tools that allow them to automate these penetrations, making it possible to test a website (and more specifically, find vulnerabilities) in seconds. With this method, these hackers can try searching for directories that make it possible to control the site, scripts that reveal information about the site, or for hidden files.
Directory traversal attacks, also known as path traversal attacks, are also popular. This is where the hacker will modify the tree structure path in a URL to force a server to access unauthorized parts of the website. On vulnerable servers, hackers will be able to move through directories simply.
What You Can Do?
By securing your network against URL attacks, you are eliminating major vulnerability points. One thing you can do is to ensure that all of your Internet-based software is updated and patched with the latest threat definitions. In doing so you gain a lot more control over your network and data.
The IT experts at White Mountain IT Services can help you keep your business’ IT infrastructure from working against you. Call us today at 603-889-0800 for more information about how to maintain your organization’s network security.
- Three Reasons VoIP is a Great Choice for Businesses If you’re trying to run your business without considering communication, you’re crippling your business unnecessarily. One of the ways that you can improve communications is by capitalizing on a modern phone system that uses the cloud. You might be surprised by how great a cloud-hosted VoIP solution...
- Tip of the Week: Awareness Is Important When Surfing the Web We all love the Internet. We all use it almost every day. For this week’s tip, we’ll review a few ways to help keep yourself from getting in trouble while browsing. Sacrificing Security for ConvenienceFor starters, most of the threats to be found online are of the sort that can be avoided somewha...
- IoT Security is a Key Business Concern The Internet of Things is everywhere, which means that potential security risks are also everywhere. Your business needs to take the risks presented by the IoT into account and prepare accordingly. What are You Willing to Risk?When devising a policy for your company concerning the IoT, you need t...
- Getting to Know Technology: Hackers It doesn’t matter how much of a technology novice someone is, chances are, they’ve heard the term “hacker” before. A favorite character trope of Hollywood films and television dramas, these cybercriminals have appeared in productions like Die Hard and Mr. Robot with varying degrees of accuracy. Belo...
- Google’s Making Changes to Chrome, and Not Everyone’s Happy Chrome 70 is yet another example of how divisive technology has the potential to be. On the one hand, a few of the changes have people excited about some clear benefits to security, but others worry that Chrome will no longer be as secure or as user-friendly. We’ll review some of the changes coming ...
- Tip of the Week: Prime Your Business for a Successful 2019 As 2018 progresses, certain technologies and implementations are becoming more prominently used by businesses. These trends are anticipated to continue, so it only makes sense to embrace these technologies sooner rather than later. Today, we’ll review some of these technologies, why they are expecte...