12.07.2015 Views

APPLICATION PENETRATION TEST SUPER VEDA


Application Penetration Test for Super Veda - Sample Report -

See a step by step reconstruction of the attack in Appendix A.

5.4 PARAMETERS TAMPERING

Severity: High

An attacker can manipulate the values of parameters stored on his client during the purchase session to alter the application's common workflow. This can lead to:

• An attacker misleading a client into reaching the order stage and then changing his order details, having the purchase reach the attacker's address instead of the rightful owner's address.
• Changing the purchase quantity, thus resulting in a purchase whose total sum is negative.
• Changing the 'sale' parameter, thus causing a product to be sold at a lower price than its actual price.
• Changing the name of the active user while contacting the site's administrator, thus being able to impersonate another user and act on his behalf.

Following is a discussion of each of those tampering possibilities:

Imperva, Page 24 of 73
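A server-side check that closes the four tampering cases listed above, given as an added example that is not part of the original report or of the Super Veda application. The catalog, session store, field names and `build_order` function are hypothetical, and the example assumes the delivery address and user name are bound to the authenticated session.

```python
from dataclasses import dataclass

# Constructed sample data: server-side catalog and session store (hypothetical).
CATALOG = {101: {"price": 25.00, "sale_price": 20.00, "on_sale": False},
           102: {"price": 10.00, "sale_price": 7.50, "on_sale": True}}
SESSIONS = {"sess-abc": {"user": "alice", "ship_to": "1 Main St"}}
MAX_QTY = 100


class TamperingError(ValueError):
    """Raised when a request contradicts server-side state."""


@dataclass
class Order:
    user: str
    ship_to: str
    product_id: int
    quantity: int
    total: float


def build_order(session_id: str, form: dict) -> Order:
    """Build an order from server-side state; client fields are never trusted."""
    session = SESSIONS.get(session_id)
    if session is None:
        raise TamperingError("unknown session")
    # Identity and delivery address come from the session, never from the form.
    for field in ("user", "ship_to"):
        if field in form and form[field] != session[field]:
            raise TamperingError(f"{field} does not match session")
    try:
        product_id = int(form["product_id"])
        product = CATALOG[product_id]
        qty = int(form["quantity"])
    except (KeyError, ValueError, TypeError):
        raise TamperingError("malformed product or quantity")
    # Reject zero, negative or oversized quantities so the total cannot go negative.
    if not 1 <= qty <= MAX_QTY:
        raise TamperingError("quantity out of range")
    # Price and sale status are looked up server-side; any client-supplied
    # 'sale' or 'price' value is ignored.
    unit = product["sale_price"] if product["on_sale"] else product["price"]
    return Order(session["user"], session["ship_to"], product_id, qty,
                 round(unit * qty, 2))
```
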
