Using Internet logging software to investigate a case of malicious use of computers, the investigator comes across some entries that appear odd.
From the log, the investigator can see where the person in question went on the Internet. From the log, it appears that the user was manually typing in different user ID numbers. What technique this user was trying?
The user was manually typing in different user ID numbers in the URL, which suggests that they were attempting to manipulate the user ID parameter to gain unauthorized access or perform actions as a different user. This technique falls under the category of parameter tampering. Parameter tampering involves altering parameters exchanged between client and server to exploit vulnerabilities and gain unauthorized access to data or functions.
The correct answer is A. Parameter tampering. The user was manually typing in different user ID numbers, which suggests that they were attempting to manipulate the user ID parameter to gain unauthorized access or perform actions as a different user. This is a classic example of parameter tampering, which is a type of web application attack where an attacker modifies input parameters to alter the behavior of the application. Here's a brief overview of the other options: B. Cross-site scripting (XSS): A type of attack where an attacker injects malicious code into a website to steal data or take control of the user's session. C. SQL injection: A type of attack where an attacker injects malicious SQL code into a web application's database to access or modify sensitive data. D. Cookie poisoning: A type of attack where an attacker manipulates the cookies stored on a user's device to gain unauthorized access or steal sensitive information.
A: https://owasp.org/www-community/attacks/Web_Parameter_Tampering