Assessing Vulnerability from URL parameters
I am in the process of helping secure a .NET website against URL hacking. So I have spent some time adding a whitelist of valid domains and sub-domains. But what about query parameters?
My instincts are to add a second whitelist of valid query string parameters, but does that do anything to protect me?
I suppose a determined hacker could, with time and experimentation, find a query string param that has some exploitation value.
What do you think?
My worry is that a whitelist of query string params may be difficult to generate, as this website is quite large. And there is always a risk of rejecting a legitimate request. The query string exposure is about revealing key data in the URL, but I am asking whether there is value in asserting that each query string param is in a whitelist of such params?
So, this is a customer-service-versus-hack-risk threat assessment. And if there is little or no measurable reduction in threat, then this parameter whitelist could cause more harm than good.
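As an added example (not from the question or any answer to it), the following framework-agnostic Python contrasts the two checks the question is weighing: a per-route allowlist of parameter names alone, which rejects unexpected names but accepts any value, and a per-route schema that also validates each value and rejects duplicated parameters. The routes, parameter names and validators are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed per-route schema: parameter name -> validator returning truthy for acceptable values.
# In a real .NET site this table would be derived from the routes the application actually serves.
ROUTE_PARAMS = {
    "/orders": {
        "id": re.compile(r"[0-9]{1,10}").fullmatch,        # numeric id only
        "page": re.compile(r"[1-9][0-9]{0,3}").fullmatch,  # small positive page number
    },
    "/search": {
        "q": lambda v: 0 < len(v) <= 100,                  # bounded free text
        "sort": lambda v: v in ("asc", "desc"),            # fixed vocabulary
    },
}


def check_names_only(url):
    """Name allowlist alone: any value is accepted as long as the name is known."""
    parts = urlsplit(url)
    allowed = ROUTE_PARAMS.get(parts.path)
    if allowed is None:
        return False, "unknown route"
    qs = parse_qs(parts.query, keep_blank_values=True)
    unknown = sorted(set(qs) - set(allowed))
    if unknown:
        return False, "unknown params: " + ",".join(unknown)
    return True, "ok"


def check_names_and_values(url):
    """Name allowlist plus per-parameter value validation and duplicate rejection."""
    parts = urlsplit(url)
    allowed = ROUTE_PARAMS.get(parts.path)
    if allowed is None:
        return False, "unknown route"
    qs = parse_qs(parts.query, keep_blank_values=True)
    for name, values in qs.items():
        validator = allowed.get(name)
        if validator is None:
            return False, f"unknown param {name}"
        if len(values) != 1:  # the same name sent twice is ambiguous; reject it
            return False, f"duplicate param {name}"
        if not validator(values[0]):
            return False, f"bad value for {name}"
    return True, "ok"
```

The name-only check lets a malformed `id` value through because its name is on the list; the schema check rejects it, which is where most of the measurable risk reduction comes from.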