Presentation is loading. Please wait.

Presentation is loading. Please wait.

MIS Professor Sandvig MIS 324 Professor Sandvig

Published byAnna Thornton Modified over 6 years ago

Similar presentations

Presentation on theme: "MIS Professor Sandvig MIS 324 Professor Sandvig"— Presentation transcript:

1 MIS 324 -- Professor Sandvig MIS 324 Professor Sandvig
9/20/2018 Forms & Validation MIS 324 Professor Sandvig

2 Overview What is validation Server & client validation
Validation tools in .NET MVC: Model – DataAnnotations View – HTML helpers Controller - model

3 What is Validation Checking user inputs for: Datatype Length Required
Suspicious code: HTML & Javascript

4 Why Validate Accidental user errors: Malicious hacking attempts
Missing fields Invalid values , phone, address, etc. Malicious hacking attempts

5 Accidental user errors
Missing fields Invalid credit card Invalid mail address Invalid dates Invalid

6 Malicious Attacks Web forms expose your site to the world.
Typically writing user inputs to database. Database contains valuable information Customer information Credit card info Etc.

7 Malicious Attacks Hackers try to exploit security vulnerabilities
Sql Injection Enter invalid data to throw exceptions Expose code Expose database info

8 Counter Measures Check format: Stronger measures: Email, phone, zip, …
Send with code Send text message Validate address against database Checksum: Credit cards WWU student Id ISBNs

9 Client and Server validation
Browser HTML5 and JavaScript Advantage: Fast, no trip required to server Disadvantage: Easily circumvented Save form to desktop, remove validation, submit

10 Server Validation Form data submitted to server
Data validated on server Advantage: Secure Disadvantage: Requires roundtrip to server More complicated to implement

11 .NET MVC Validation Provides tools for easy validation: Client:
Javascript & HTML5 Server: rechecks, rejects invalid data

12 .NET MVC Validation DataAnnotations
Decorate model with validation attributes Required Data type length Credit card Etc. Easy to implement both client and server validation

13 .Net MVC Validation Validation Attributes: Required StringLength Range
RegularExpression CreditCard CustomValidation Address FileExtension MaxLength MinLength Phone

14 .NET MVC Validation Model: public class Student {
public int StudentId { get; set; } [Required] public string StudentName { get; set; } [Range(5,50)] public int Age { get; set; } }

15 .NET MVC Validation View: Client-side validation:
Include script libraries

16 .NET MVC Validation Model: Server-side validation:
Example: Calculator/MultiplyCalc

17 Summary Form Validation Important Time consuming
Accidental errors Malicious attacks Time consuming .NET MVC provides convenient tools

Download ppt "MIS Professor Sandvig MIS 324 Professor Sandvig"

Similar presentations

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.
CSCI 6962: Server-side Design and Programming Input Validation and Error Handling.

CSCI 6962: Server-side Design and Programming Input Validation and Error Handling.
Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.

Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.
Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.

Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.
Tutorial 6 Creating a Web Form

Tutorial 6 Creating a Web Form
9/9/2005 Developing Secure Web Applications 1 Methods & Concepts for Developing “Secure” Web Applications Peter Y. Hammond, Developer Wasatch Front Regional.

9/9/2005 Developing "Secure" Web Applications 1 Methods & Concepts for Developing “Secure” Web Applications Peter Y. Hammond, Developer Wasatch Front Regional.
Introduction The concept of “SQL Injection”

Introduction The concept of “SQL Injection”
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
Forms Review. 2 Using Forms tag  Contains the form elements on a web page  Container tag tag  Configures a variety of form elements including text.

Forms Review. 2 Using Forms tag  Contains the form elements on a web page  Container tag tag  Configures a variety of form elements including text.
CS 290C: Formal Models for Web Software Lecture 1: Introduction Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 1: Introduction Instructor: Tevfik Bultan.
Varun Sharma Security Engineer | ACE Team | Microsoft Information Security

Varun Sharma Security Engineer | ACE Team | Microsoft Information Security
Form Handling, Validation and Functions. Form Handling Forms are a graphical user interfaces (GUIs) that enables the interaction between users and servers.

Form Handling, Validation and Functions. Form Handling Forms are a graphical user interfaces (GUIs) that enables the interaction between users and servers.
Www.dwteam.com 1 Forms for the Web Tom Muck www.dwteam.com.

1 Forms for the Web Tom Muck
1 Web Developer & Design Foundations with XHTML Chapter 6 Key Concepts.

1 Web Developer & Design Foundations with XHTML Chapter 6 Key Concepts.
Module 7: Validating User Input.

Module 7: Validating User Input.
.NET Validation Controls MacDonald Ch. 8 MIS 324 MIS 324 Professor Sandvig Professor Sandvig.

.NET Validation Controls MacDonald Ch. 8 MIS 324 MIS 324 Professor Sandvig Professor Sandvig.
Validation Controls. Validation Server Controls These are a special type of Web server control. They significantly reduce some of the work involved in.

Validation Controls. Validation Server Controls These are a special type of Web server control. They significantly reduce some of the work involved in.
Telerik Software Academy ASP.NET Web Forms Data Validation, Data Validators, Validation Groups Telerik Software Academy

Telerik Software Academy ASP.NET Web Forms Data Validation, Data Validators, Validation Groups Telerik Software Academy
By Daniel Siassi.  XHTML  For Structure  CSS  For Stylization of Structure  SQL Database  Store Customer, Calendar, and Order Data  PHP  Server-side.

By Daniel Siassi.  XHTML  For Structure  CSS  For Stylization of Structure  SQL Database  Store Customer, Calendar, and Order Data  PHP  Server-side.
Overview of Previous Lesson(s) Over View  ASP.NET Pages  Modular in nature and divided into the core sections  Page directives  Code Section  Page.

Overview of Previous Lesson(s) Over View  ASP.NET Pages  Modular in nature and divided into the core sections  Page directives  Code Section  Page.

Similar presentations

Ads by Google