T — Tampering

Tampering is about unauthorized changes to data—inputs, requests, files, or database records. Integrity is the target.

What it means

Tampering is when someone changes data without permission—editing a request, modifying a file, or altering a database record.

Why it matters

If data integrity fails, you can't trust prices, permissions, logs, or decisions. Small changes can create big real-world consequences.

How to mitigate

Validate inputs server-side, use parameterized queries, enforce authorization, and protect data with hashes/signatures and strong access controls.

Mini Shop

Mission: tamper the referral code in the Checkout button.

Not solved

Cart

Subtotal: 0 SEK

Total after referral: 0 SEK

User Info Inspection

The application stores user information locally. Inspect it using: JSON.parse(localStorage.getItem("t_user_info")) What is the user ID?

Not solved

User ID

Loyalty Points Tampering

The app reads loyalty points from localStorage. Change the stored value so loyaltyPoints becomes 1337, then verify.

Not solved

Hint

Use the console again:


              const user = JSON.parse(localStorage.getItem("t_user_info"))
              

              user.??? = 1337
              

              localStorage.setItem("t_user_info", JSON.stringify(user))

Previous task shows all the User Info Inspection value names