Performance and User Experience Improvements to the ASU/NASA Space Grant Website Sean.Malley@asu.edu.

Presentation Structure
Input Validation
Database Improvements
Toward Drupal

Input Validation Preventing XSS and SQL Injection

General Process
Take User Input (POSTs from forms, GET from navigation)
Check for Completion
Strip Improper Characters
Check Proper Formation (Phone Numbers, IDs and so on)
Store in Database or Return to User

Benefits
Reduces Potential of Successful Attack (“Exploits of a Mom”, XKCD.com)
Helps user properly complete forms
Saves time correcting user error

Implementation
Research acceptable data for each field
Official Specifications
Previous Data
Educated Guesses: names like O’Malley or with accents, project names with semicolons, etc.

Implementation
Create filtering function library
Test MySQL escaping functions
Regular expression functions
Basic type testing functions
Test sample applications
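The general process (take input, check for completion, strip improper characters, check formation, store or return to user) and the filtering function library described in the slides above, as an added PHP example that is not the Space Grant site's own code. The field names, the validation rules (a 10-digit phone number, a project ID of the form SG-0042) and the contacts table are assumptions; the apostrophe in O'Malley and the stray semicolon are the cases the slides call out. Where the slide lists MySQL escaping functions, the example binds parameters with a mysqli prepared statement instead, so a cleaned value is passed as data rather than spliced into query text, and the value echoed back to the user is HTML-escaped to cover the XSS side.

```php
<?php
// Added example (not the Space Grant site's own code): a small filtering
// library of the kind the slide describes. Field names, validation rules
// and the contacts table are assumptions made for illustration.
declare(strict_types=1);

// Check for completion: return the names of required fields that are missing.
function requireFields(array $input, array $required): array
{
    $missing = [];
    foreach ($required as $field) {
        if (!isset($input[$field]) || trim((string)$input[$field]) === '') {
            $missing[] = $field;
        }
    }
    return $missing;   // an empty array means the form is complete
}

// Strip improper characters. Names legitimately contain apostrophes
// (O'Malley), hyphens and accented letters, so only control characters
// are removed; making the value "SQL safe" is the prepared statement's job.
function cleanName(string $raw): string
{
    $value = preg_replace('/[\x00-\x1F\x7F]/u', '', $raw);
    return $value === null ? '' : trim($value);   // null means invalid UTF-8
}

// Check proper formation (rules assumed): a phone number is 10 digits with
// separators tolerated, a project ID is 'SG-' plus 4 digits, and a name is
// letters, marks (accents), spaces, apostrophes and hyphens, up to 100 chars.
function isValidPhone(string $phone): bool
{
    $digits = preg_replace('/[\s().-]/', '', $phone);
    return (bool)preg_match('/^\d{10}$/', $digits);
}

function isValidProjectId(string $id): bool
{
    return (bool)preg_match('/^SG-\d{4}$/', $id);
}

function isValidName(string $name): bool
{
    return mb_strlen($name) <= 100
        && (bool)preg_match('/^[\p{L}\p{M}\' -]+$/u', $name);
}

// Store in database: placeholders keep a quote or semicolon in the data
// from ever being interpreted as SQL.
function storeContact(mysqli $db, string $name, string $phone, string $projectId): bool
{
    $stmt = $db->prepare('INSERT INTO contacts (name, phone, project_id) VALUES (?, ?, ?)');
    $stmt->bind_param('sss', $name, $phone, $projectId);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Return to user: escape before echoing a submitted value back into HTML.
function forHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Run the whole process over a POST array: either errors for the user or a
// cleaned record ready for storeContact().
function processForm(array $post): array
{
    $errors = [];
    foreach (requireFields($post, ['name', 'phone', 'project_id']) as $f) {
        $errors[$f] = 'This field is required.';
    }
    if ($errors !== []) {
        return ['errors' => $errors];
    }
    $name      = cleanName((string)$post['name']);
    $phone     = trim((string)$post['phone']);
    $projectId = strtoupper(trim((string)$post['project_id']));

    if (!isValidName($name))           $errors['name']       = 'Letters, spaces, apostrophes and hyphens only.';
    if (!isValidPhone($phone))         $errors['phone']      = 'Enter a 10-digit phone number.';
    if (!isValidProjectId($projectId)) $errors['project_id'] = 'Project IDs look like SG-0042.';

    return $errors !== []
        ? ['errors' => $errors]
        : ['record' => ['name' => $name, 'phone' => $phone, 'project_id' => $projectId]];
}

// Constructed sample input: the first passes, the second is rejected
// because of the semicolon in the name and the malformed phone number.
var_dump(processForm(['name' => "Seán O'Malley", 'phone' => '(480) 555-0100', 'project_id' => 'sg-0042']));
var_dump(processForm(['name' => 'Ann; Bob', 'phone' => '1', 'project_id' => 'SG-0042']));
echo forHtml("Seán O'Malley"), "\n";
```

The order matters: cleaning runs before the format checks so that a control character cannot slip past a regex that only looks at visible characters, and the prepared statement runs last so that validation is a usability and defence-in-depth layer rather than the only thing standing between the form and the database.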

Database Improvements

Database Modifications
Cleaning out previous bad entries and deprecated tables
Creating a new database structure to simplify data storage and extraction
Working on structures to better incorporate past data and data sharing between Space Grant Programs

Toward Drupal

The Current Framework is Complex
Over 710 PHP Files
826 Images
465 Folders
2 Databases
53 Tables

Benefits of Drupal
One display system makes standards compliance simpler
A time-tried CMS means fewer errors and the benefit of many skilled developers
Skinning the website is simpler
Modular setup makes adding features much easier