OWASP - Open Web Application Security Project

Application Security Projects
   Attack Components
        Informational
        Input Validation
        Session Management
        Parameter Manipulation
        Privacy Violations
        Overflows
        Cryptographic
        Misconfigurations
        Open APIs
        Canonicalization
   Testing Framework
   XML Modeling
   Project Schedule

News & Announcements
News Archive

No data sent to the browser can be relied upon to stay the same unless cryptographically protected. Parameter tampering can often be done with;

Informational
Client-Side Comments
Debug Commands
Error Codes
File/Application Enumeration

Input Validation
Client Side Validation
Cross-Site Scripting
Direct OS Command
Direct SQL Commands
Directory Traversal
Meta Characters
Null Characters
URL Encoded Input

Session Management
Session Hi-Jacking
Session Replay

Parameter Manipulation
Cookie Manipulation
Form Field Manipulation
HTTP Header Manipulation
URL Manipulation

Mis-Configurations
Default Accounts
Vendor Patches

Privacy Violations
Browser Cache
Browser History