MIS 324 -- Professor Sandvig
Presentation transcript:

Forms & Validation
MIS 324 -- Professor Sandvig
9/20/2018

Overview
- What is validation
- Server & client validation
- Validation tools in .NET MVC:
  - Model: DataAnnotations
  - View: HTML helpers
  - Controller: model

What is Validation
Checking user inputs for:
- Datatype
- Length
- Required
- Suspicious code: HTML & JavaScript

Why Validate
- Accidental user errors: missing fields, invalid values (email, phone, address, etc.)
- Malicious hacking attempts

Accidental user errors
- Missing fields
- Invalid credit card
- Invalid mail address
- Invalid dates
- Invalid email

Malicious Attacks
- Web forms expose your site to the world.
- Typically user inputs are written to the database.
- The database contains valuable information: customer information, credit card info, etc.

Malicious Attacks
- Hackers try to exploit security vulnerabilities: SQL injection
- Enter invalid data to throw exceptions: expose code, expose database info

Counter Measures
- Check format: email, phone, zip, ...
- Checksum: credit cards, WWU student Id, ISBNs
- Stronger measures: send email with code; send text message; validate address against database

Client and Server validation
Client (browser): HTML5 and JavaScript
- Advantage: fast, no trip to the server required
- Disadvantage: easily circumvented (save form to desktop, remove validation, submit)

Server Validation
- Form data submitted to server; data validated on server
- Advantage: secure
- Disadvantage: requires roundtrip to server; more complicated to implement

.NET MVC Validation
Provides tools for easy validation:
- Client: JavaScript & HTML5
- Server: rechecks, rejects invalid data

.NET MVC Validation: DataAnnotations
- Decorate model with validation attributes: Required, data type, length, credit card, etc.
- Easy to implement both client and server validation

.NET MVC Validation
Validation attributes: Required, StringLength, Range, RegularExpression, CreditCard, CustomValidation, EmailAddress, FileExtension, MaxLength, MinLength, Phone

.NET MVC Validation
Model:

    public class Student
    {
        public int StudentId { get; set; }

        [Required]
        public string StudentName { get; set; }

        [Range(5, 50)]
        public int Age { get; set; }
    }

.NET MVC Validation
View: client-side validation; include the script libraries

.NET MVC Validation
Model: server-side validation
Example: Calculator/MultiplyCalc
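The following is an added example, not code from the slides, tying the Student model above, the "checksum" counter measure and the server-side recheck together in one place. It assumes ASP.NET Core MVC and a hypothetical `LuhnAttribute` written as a custom ValidationAttribute; the controller only writes to the database when ModelState.IsValid is true, so removing the browser-side checks changes nothing on the server.

```csharp
using System.Linq;
using System.ComponentModel.DataAnnotations;
using Microsoft.AspNetCore.Mvc;

// Model: the same DataAnnotations drive client-side (jQuery unobtrusive) and server-side checks.
public class Student
{
    public int StudentId { get; set; }
    [Required, StringLength(60)]
    public string StudentName { get; set; }
    [Range(5, 50)]
    public int Age { get; set; }
    [Required, EmailAddress]
    public string Email { get; set; }
    [Required, Luhn]   // hypothetical custom attribute defined below (checksum, not just format)
    public string CardNumber { get; set; }
}

// Custom validation: Luhn mod-10 checksum used by payment card numbers.
public class LuhnAttribute : ValidationAttribute
{
    protected override ValidationResult IsValid(object value, ValidationContext ctx)
    {
        var digits = (value as string ?? "").Replace(" ", "");
        if (digits.Length < 12 || digits.Length > 19 || !digits.All(char.IsDigit))
            return new ValidationResult("Card number must be 12-19 digits.");
        int sum = 0; bool dbl = false;
        for (int i = digits.Length - 1; i >= 0; i--)   // walk right to left, double every 2nd digit
        {
            int d = digits[i] - '0';
            if (dbl) { d *= 2; if (d > 9) d -= 9; }
            sum += d; dbl = !dbl;
        }
        return sum % 10 == 0 ? ValidationResult.Success
                             : new ValidationResult("Card number fails checksum.");
    }
}

// Controller: the server re-runs every attribute regardless of what the browser did.
public class StudentController : Controller
{
    [HttpPost]
    public IActionResult Create(Student s)
    {
        if (!ModelState.IsValid)
            return View(s);   // redisplay the form with error messages; nothing is saved
        // save s to the database here (omitted)
        return RedirectToAction("Index");
    }
}
```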

Summary
- Form validation is important: accidental errors, malicious attacks
- Form validation is time consuming
- .NET MVC provides convenient tools