Blog

Why is URL Manipulation a Security Concern?

Why is URL Manipulation a Security Concern?

If you’ve spent any time using a computer, you probably know what a URL is. It is the address of a website. It typically starts with “http//:” or “https://” and directs the Internet browser on where the user would like to surf. Nowadays a threat could be created by manipulating the URL. Today, we’ll take you through this threat. 

The URL

Before we get into the manipulation of the URL, let’s define its parts. 

At the beginning of the URL there is the protocol. This tells the computing network which language is being used. For most Internet-based directions, the protocol will be HTTP, for Hypertext Transfer Protocol. Other protocols you’ll see include File Transfer Protocol (FTP), News, and Mailto.

The next part is the ID and password. Since most people don’t want their login credentials exposed, they leave this information out of the URL. Safety first. 

The next part of the URL is the server name. The server name provides users a path to access information stored on specific servers whether they are loaded through a domain or through the IP address associated with that server.

The fourth part of the URL is the port number. This number is associated with the services on the server and tells them what type of resources are being requested. The default port is port 80, which can be left off the URL as long as the information that is being requested is associated with port 80. You’ll often not see the port number during day-to-day surfing, because most legitimate sites use the standard port 80.

The final part of the URL is what is called the path. The path gives direct access to the resources found tied to the IP (or domain).

Manipulating the URL

When a hacker looks to manipulate a URL, he/she does so by changing parts of the URL to test access. Since most users navigate a website through traditional means--that is that they use the links provided on the website--sometimes hackers can find vulnerabilities by a trial and error approach. 

By manipulating the parameters to try different values, hackers can test directories and file extensions randomly to find the resources they are after. This provides access to resources that typically wouldn’t be available and would otherwise be protected. Today, hackers have tools that allow them to automate these penetrations, making it possible to test a website (and more specifically, find vulnerabilities) in seconds. With this method, these hackers can try searching for directories that make it possible to control the site, scripts that reveal information about the site, or for hidden files. 

Directory traversal attacks, also known as path traversal attacks, are also popular. This is where the hacker will modify the tree structure path in a URL to force a server to access unauthorized parts of the website. On vulnerable servers, hackers will be able to move through directories simply.

What You Can Do?

By securing your network against URL attacks, you are eliminating major vulnerability points. One thing you can do is to ensure that all of your Internet-based software is updated and patched with the latest threat definitions. In doing so you gain a lot more control over your network and data. 

The IT experts at White Mountain IT Services can help you keep your business’ IT infrastructure from working against you. Call us today at 603-889-0800 for more information about how to maintain your organization’s network security.

Related Posts

When many businesses look to hire new staff, they typically have a series of qualifications they need each applicant to meet before they grant interviews. They make their selection, do their entrance training, and then expect that the new hire will s...
Let me ask you a few questions—first, how confident are you that you could spot an online ruse, and second, did you know there’s a stain on your shirt right now? Did you look? If so, you’ve just fallen for the school playground version of social engi...
As a business professional, it’s your responsibility to protect your company’s digital assets from cybercrime, but the path forward is not always so easy or clear-cut. Without a thorough knowledge and expertise of IT security at your disposal, it can...
Cloudflare has foiled the plans of yet another major hacking attack, a record-breaking DDoS attack of the likes we have never before seen. Let’s examine what goes into such an attack and what you can do to keep your business safe from their influence...
Businesses today have to deal with more potential problems than in any time in history. They are dealing with cost increases at every turn, personnel shortages, and a regulatory landscape that is always evolving. One of the biggest issues that can ha...
Security is an incredibly important part of running a business, but it’s extremely easy for busy employees to fall short of the security expectations you might place on them. This is why it is so important to train your employees on the many facets o...
How many security solutions does your organization have implemented at any given time? Traditionally, businesses have implemented what we call “point solutions,” which are software tools designed to address a specific part of your security infrastruc...

The Internet is a critical tool in your business’ toolbox, so it needs to be fast, reliable, and stable. What kinds of factors go into ensuring that you get the best, most reliable Internet connection? Find out in today’s blog.

Your company’s email is one of its most important pieces of technology, and since that is true for nearly every business, it is unfortunately one of the most utilized attack vectors used by cybercriminals. Most businesses don’t understand just how vu...
With so many wireless networks available to connect to, it’s no surprise that wireless security is a cornerstone of working while on the go. We thought it would be helpful to have a list of best practices to help ensure your wireless networks, and th...
Data breaches—any event where a business’ confidential data is viewed, copied, or stolen by an unauthorized person or party—are a serious problem. Unfortunately, they are also a serious problem that can be caused by no shortage of situations. Let’s r...
When you go to such great lengths to protect your business’ network, it can come as quite a shock when you experience a data breach. Surely someone has to be at blame for such an event, right? Unfortunately, this mindset is often one that can come as...

Onsite Service Coverage Area

Although we provide remote services and support to businesses in over 20 states, onsite services are limited to within reasonable driving distance from our offices in NH.  We will manage a local vendor for locations outside of our service area to provide onsite assistance when needed.

 

Onsite Computer Support Services are available to businesses within 60 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH, and then down into Boston. From Northern and Central Mass, we cover from Worcester, east to the North Shore, including the Salem and Portsmouth NH area.

White Mountain IT Services

 


33 Main St, Suite 302
Nashua, NH 03064

 


121 Riverfront Drive
Manchester, NH 03102

 

Client Help Desk
603-889-2210

 

Open Positions