Friday, August 19, 2005

How to Protect Your Application Against Parameter Injection

How to Protect Your Application Against Parameter Injection: "Securing your web application against the hackers of the world is a difficult task. Authentication mechanisms, sessionIds, and user accounts are a few of the options that are available to you for your efforts. However, the most common technique of remotely manipulating an application is parameter injection. So, for example, let's say you are viewing a transaction of customer #448, and your URL looks something like www.myapplication.com/customer.aspx?customerID=448. What is to stop customer 448 from typing in 449, let's say, and viewing another customer's transaction details? The situation can even escalate into typing in complete SQL statements and executing them inside the original statements you have coded. Well, this article isn't here to magically solve your problems and completely seal your sensitive data. Checking for, let's say, a customer sessionID and matching it against the URL and the page will still have to be done by you. However, this article will demonstrate a simple method of checking for valid parameters in an already written application. It can be easily plugged into any website, and even if the website contains hundreds of pages, it can still be a very effective tool in your efforts against hackers. The idea behind it is very simple and includes three components."
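The quoted excerpt describes two related risks for a URL like customer.aspx?customerID=448: a logged-in customer changing the ID to read someone else's records, and SQL fragments being pushed through the same parameter. The check it says "will still have to be done by you" (matching the session to the customerID in the URL) looks like the following. This is an added illustration, not code from the article; it uses Python with an in-memory SQLite table and a constructed session store instead of ASP.NET, and the function and table names are assumptions.

```python
# Added example (not from the quoted article): enforce that the customerID in
# the URL belongs to the authenticated session, and never splice it into SQL.
import sqlite3
from typing import Optional

# Constructed in-memory sample data: two customers, each with one transaction.
db = sqlite3.connect(":memory:")
db.executescript("""
CREATE TABLE transactions (id INTEGER PRIMARY KEY, customer_id INTEGER, amount REAL);
INSERT INTO transactions VALUES (1, 448, 19.99), (2, 449, 250.00);
""")

# Constructed session store: session token -> authenticated customer id.
SESSIONS = {"sess-448": 448, "sess-449": 449}


def parse_customer_id(raw: Optional[str]) -> Optional[int]:
    """Accept only a plain positive integer; anything else (e.g. '449 OR 1=1') is rejected."""
    if raw is None or not raw.isdigit():
        return None
    return int(raw)


def customer_transactions(session_token: str, query: dict) -> tuple:
    """Return (http_status, rows) for GET customer.aspx?customerID=<n>."""
    owner = SESSIONS.get(session_token)
    if owner is None:
        return 401, []                      # no valid session: not logged in
    requested = parse_customer_id(query.get("customerID"))
    if requested is None:
        return 400, []                      # malformed parameter, rejected before any SQL runs
    if requested != owner:
        return 403, []                      # session belongs to 448 but URL asks for 449
    # Parameterized query: the value is bound, never concatenated into SQL text.
    rows = db.execute(
        "SELECT id, amount FROM transactions WHERE customer_id = ?", (requested,)
    ).fetchall()
    return 200, rows


if __name__ == "__main__":
    print(customer_transactions("sess-448", {"customerID": "448"}))        # (200, [(1, 19.99)])
    print(customer_transactions("sess-448", {"customerID": "449"}))        # (403, [])
    print(customer_transactions("sess-448", {"customerID": "449 OR 1=1"}))  # (400, [])
```

The ownership comparison is the part that a type check alone does not give you: 449 is a perfectly well-formed integer, so only the session-to-parameter match stops the cross-customer read.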
