

A business's accounting department detects multiple orders that appear to have been placed in error. While investigating the issue, you learn that the pricing of items on various web orders does not appear to match the published pricing on the public site. You verify that neither the website nor the ordering database seems to have been compromised. Furthermore, there were no alarms in the Snort logs indicating a probable attack on the online application. Which of the following might explain the current attack?

A. The attacker has copied the source code to his machine and altered hidden fields to modify the purchase price of the items.

Because the logs and IDSs reveal no direct attack in this example, the attacker most likely copied the source code straight to his computer and changed the hidden "price" fields on the order form. Any other form of attack would have readily shown itself in some way.