Contact us today!

FRS Pros Blog

Why is URL Manipulation a Security Concern?

Why is URL Manipulation a Security Concern?

If you’ve spent any time using a computer, you probably know what a URL is. It is the address of a website. It typically starts with “http//:” or “https://” and directs the Internet browser on where the user would like to surf. Nowadays a threat could be created by manipulating the URL. Today, we’ll take you through this threat. 


Before we get into the manipulation of the URL, let’s define its parts. 

At the beginning of the URL there is the protocol. This tells the computing network which language is being used. For most Internet-based directions, the protocol will be HTTP, for Hypertext Transfer Protocol. Other protocols you’ll see include File Transfer Protocol (FTP), News, and Mailto.

The next part is the ID and password. Since most people don’t want their login credentials exposed, they leave this information out of the URL. Safety first. 

The next part of the URL is the server name. The server name provides users a path to access information stored on specific servers whether they are loaded through a domain or through the IP address associated with that server.

The fourth part of the URL is the port number. This number is associated with the services on the server and tells them what type of resources are being requested. The default port is port 80, which can be left off the URL as long as the information that is being requested is associated with port 80. You’ll often not see the port number during day-to-day surfing, because most legitimate sites use the standard port 80.

The final part of the URL is what is called the path. The path gives direct access to the resources found tied to the IP (or domain).

Manipulating the URL

When a hacker looks to manipulate a URL, he/she does so by changing parts of the URL to test access. Since most users navigate a website through traditional means--that is that they use the links provided on the website--sometimes hackers can find vulnerabilities by a trial and error approach. 

By manipulating the parameters to try different values, hackers can test directories and file extensions randomly to find the resources they are after. This provides access to resources that typically wouldn’t be available and would otherwise be protected. Today, hackers have tools that allow them to automate these penetrations, making it possible to test a website (and more specifically, find vulnerabilities) in seconds. With this method, these hackers can try searching for directories that make it possible to control the site, scripts that reveal information about the site, or for hidden files. 

Directory traversal attacks, also known as path traversal attacks, are also popular. This is where the hacker will modify the tree structure path in a URL to force a server to access unauthorized parts of the website. On vulnerable servers, hackers will be able to move through directories simply.

What You Can Do?

By securing your network against URL attacks, you are eliminating major vulnerability points. One thing you can do is to ensure that all of your Internet-based software is updated and patched with the latest threat definitions. In doing so you gain a lot more control over your network and data. 

The IT experts at FRS Pros can help you keep your business’ IT infrastructure from working against you. Call us today at 561-795-2000 for more information about how to maintain your organization’s network security.

What Value Do Managed Services Offer? Firstly, Pro...
Microsoft Does Some Patching Off Schedule

Mobile? Grab this Article!


Tag Cloud

Tip of the Week Security Technology Best Practices Network Security Productivity Privacy Business Computing Internet Hackers Software Microsoft User Tips Google Cloud Business Management Innovation Hardware Efficiency Computer Email Data Tech Term Windows 10 Cybersecurity Data Backup Communication Hosted Solutions Smartphones IT Support IT Services Mobile Devices Malware Data Recovery Office 365 Smartphone Upgrade Outsourced IT Browser Android Internet of Things Business Gadgets Backup Apps VoIP Windows Small Business Data Security Phishing Workplace Tips Communications Saving Money Managed IT Services Users Disaster Recovery Cybercrime Business Continuity Facebook Network Operating System Automation Information Ransomware Cloud Computing Mobile Device Management Vulnerability Two-factor Authentication Employer-Employee Relationship OneNote Server Money Artificial Intelligence Alert Managed Service Passwords Law Enforcement Miscellaneous Social Media Holiday Virtualization Collaboration Health Applications Wireless Networking Chrome IT Support Best Practice Managed IT Managed IT Services Spam Microsoft Office Blockchain Save Money Computers Data Storage Router Quick Tips Mobile Device Google Drive Settings Windows 7 Retail Word Telephone Systems Managed Service Provider Tech Support Bandwidth Project Management Patch Management Password Unsupported Software Augmented Reality Information Technology BYOD Data Breach Access Control App Printing Bring Your Own Device Hacking Gmail Windows 10 Proactive IT Fraud SaaS Google Assistant History Hybrid Cloud Evernote Risk Management Voice over Internet Protocol Touchscreen User Error Budget WiFi Hosted Solution Wireless Technology Mobility Data Management Search Wi-Fi Business Technology Cortana Avoiding Downtime Audit Software as a Service Data Loss Update Data Protection Shortcut Productivity Meetings Hard Drive Politics Display Conferencing Sports Going Green Social BDR Google Docs Paperless Office Wireless Charging IT Management Government Payment Cards Devices Cost Management Telephony Marketing WannaCry Robot Commerce Application Encryption Travel The Internet of Things Mobile Security Excel VPN iPhone Vendor File Sharing Safety Benchmarks Reputation Battery Break/Fix Apple Smart Devices Remote Monitoring Hyperlink Instant Messaging Hacker Machine Learning Tablets Maintenance Files Holidays Data storage Identity Printers Sales Proactive DDoS Micrsosoft IT solutions Wireless Internet Emergency Saving Time Sync Disaster Managed IT Service Remote Computing Employee-Employer Relationship Storage Social Engineering Recovery Investment Myths iOS WIndows Server 2008 Point of Sale Medical IT Edge Sabotage Troubleshooting Value Wasting Time FAQ HBO Amazon Keyboard Downtime NFL eWaste Copiers Data Privacy Entertainment Websites Business Intelligence Windows 10s Gamification Keyboard Shortcuts Computer Care Managed Services Provider Nanotechnology Identity Theft Identities Administrator ROI Screen Mirroring Lithium-ion battery Threats Transportation Office 5G Ciminal Streaming Media PC Unified Threat Management CRM Laptop Accessory Charger Digital Signage Solid State Drive Private Cloud Virtual Assistant E-Commerce Device Security Inventory Data Theft Memory Human Resources Adobe Workers Facebook Privacy Root Cause Analysis Testing Vendor Management Legislation Language Access Windows Server 2008 R2 Emails Cast Scams Computer Fan Scam YouTube Chromecast Upgrades Touchpad Computer Forensics Peripheral Firewall Hard Disk Drive Education Alexa for Business Windows Ink Chromebook Co-Managed Services Gifts Computing Financial Payroll Licensing Updates eCommerce Camera Samsung Comparison Internet Exlporer Mobile Office Outlook Virtual Private Network Employees Microsoft Excel IT budget Smartwatch Humor Management Processor IT Solutions Employee Google Maps Spyware Hosted Desktop Legal Telephone Credit Cards App store Uninterrupted Power Supply Personal Information Security Cameras Microsoft Word Fiber Optics Antivirus Projects Specifications Virus Development Webinar Admin Remote Workers OneDrive Server Maintenance Consultant PowerPoint Compliance Smart Technology PDF Flexibility Music Mobile Computing Television CrashOverride Company Culture Regulation Text Messaging Scalability Analytics Black Market Cleaning Automobile Office tips Twitter Big Data Managing Stress Advertising Thank You USB Worker How To Books Hiring/Firing Communitications Video Games Experience Congratulations HaaS Virtual Reality End of Support Work/Life Balance Relocation Crowdsourcing Employer Employee Relationship Current Events Electronic Medical Records Benefits Cache Phone System Save Time es Training Monitors Computer Accessories