Data validation in web applications

Jun 21, 2011Download as pptx, pdf

4 likes10,443 views

Presentation on HTML5 Data Validation Techniques (Input Types, Constraints) for the UC Davis 2011 IT Security Symposium. Accompanying demo code at https://github.com/srkirkland/ITSecuritySymposium

Data Validation in Web ApplicationsWelcome to:

Hi! I’m Scott KirklandSlinging code @ UCDavis for 8 yearsCurrently Sr. Application Architect for the College Of Agricultural and Environmental Sciences Dean’s OfficeOpen source coderhttps://github.com/srkirklandMvcHtml5, Data Annotations Extensions, ITSecuritySymposiumhttps://github.com/ucdavisUCDArch, Web ApplicationsCo-founded the local .NET User Group

The most common web application security weakness is the failure to properly validate input from the client or environment. - OWASP[1]

Input Validation in Web FormsEnsure user supplied data is Strongly typedCorrect syntaxWithin length boundariesContains only permitted charactersOr that numbers are correctly signed and within range boundariesIs “business rule correct”

Client Side ValidationValidate data on the client firstProvides better feedback to the end userMakes your site feel more responsiveAlways validate on server-side as well!

JavaScript Validation“Current” solution, useful & widely supported (Probably about 95%)Any JavaScript errors and validation disappearsFairly difficult to implement, though libraries help[3]

$JavaScript Validation: EmailIs this a good email regex?\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\bYes, except when it isn’tNon-english, some TLDs not covered, no special charsHow about this (RFC 2822)?(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])Allows some crazy stuff, like \@scott\@=k@domain.com$

HTML5 Input ValidationTwo major form validation innovationsNew Input TypesConstraint Validation

HTML5 Input TypesNew input types were added to augment<input type=“text” />

HTML5 Input Typessearchtelurlemailnumberrangecolordatetimedatemonthweektimedatetime-local

HTML5 Input TypesGives semantic meaning to your formsEnable behaviors based on input type

HTML5 Input TypesSo, that was pretty coolSimply changing input types can add basic validationBenefits go beyond validationAdditive only – no drawbacks

HTML5 Input Types<input type=“email” /><input type=“url” />

HTML5 Input Types<input type=“tel” /><input type=“number” />

HTML5 Constraint ValidationRequiredPatternMaxLengthMin/Max

HTML5 Constraint ValidationRequired<input type=“text” required />MaxLength<input type=“text” maxlength=“10” />Pattern<input type=“text” pattern=“[0-9]{5}” />

Of course, this only works in HTML5 capable browsersOlder browsers will ignore these new attributesWith JavaScript you can “Polyfill” for “regressive” enhancement

PolyfillA polyfill, or polyfiller, is a piece of code (or plugin) that provides the technology that you, the developer, expect the browser to provide nativelyGenerally, you test the browser for a feature. If it is not present natively, use JavaScript to add the feature

Develop for tomorrow… today!Great library called Modernizrhttp://www.modernizr.com/Helps with feature detection & media queriesAllows older browsers to work with Html5 elementsMuch more

Use the new input types They may do data validation for youMake your users happy (iOS & more)They will keep getting betterNative experience

Constraint ValidationUseful for “first line of defense” or backupYou should continue to use JavaScript for client validation

Authentication, authorization, and accounting (AAA) represent the major components of network access control and security. Authentication ensures a user's identity by requiring credentials like usernames and passwords. Authorization then determines the resources and services individual users have access to based on their authentication. Accounting tracks user activity for purposes like trend analysis, billing, auditing, and capacity planning. Together these three components (authentication, authorization, accounting) provide the foundation for secure network management and administration through identity verification and access control.

Network SecurityRaymond Jose

The document discusses why network security is important and outlines common security threats and network attacks. It notes that as networks have grown in size and importance, security compromises could have serious consequences. It describes various types of threats like hackers, crackers, viruses and malware that target network vulnerabilities. It also provides examples of reconnaissance attacks, denial of service attacks, and different strategies that can be used to mitigate security risks.

Kaspersky antivirus pptDipak Bamugade

Kaspersky Anti-Virus features include real-time protection, detection and removal of various malware threats. It provides automatic updates and protects devices like servers, laptops and mobile devices. Select tier combines technologies with flexible cloud management and centralized controls to protect data on all endpoints. It protects against new threats, reduces exposure to cyberattacks with endpoint hardening, boosts productivity while keeping employees safe with cloud controls, and secures diverse environments without impacting performance.

Internet connectivity Shibin S B

This document discusses various types of internet connectivity options. It describes gateway access, dial-up connections, leased connections, DSL, cable modem connections, VSAT, and wireless/satellite internet connections. For each type, it provides details on the technology, speeds, advantages, and disadvantages. The main points are that there are different levels of access from limited gateway access to dedicated leased lines, and that connection speeds and capabilities have increased significantly over the past 10-20 years with technology improvements like DSL, cable, and wireless/satellite options now available.

John the ripper & hydra password cracking toolMd. Raquibul Hoque

This presentation discusses the password cracking tools John the Ripper and Hydra. John the Ripper uses brute force and dictionary attacks to crack passwords stored in shadow files. It runs on Linux, Mac OSX, and other platforms. Hydra is a password cracking tool that uses dictionary attacks or brute force to test weak passwords across over 30 protocols like FTP and HTTP. Both tools allow loading wordlists to crack passwords through brute force or dictionary attacks and are commonly used in Kali Linux for password auditing.

Wireless networkDevyani Vaidya

Wireless networks allow devices to connect to a network without being physically connected by cables. They work by transmitting radio signals that carry data between wireless devices and access points or base stations. There are different types of wireless networks including WLANs for local areas like campuses, WPANs for personal networks using technologies like Bluetooth, and WMANs for connecting multiple networks over a metropolitan area. Wireless networks offer mobility and flexibility compared to wired networks but have lower bandwidth and speeds. Common applications of wireless networks include mobile access to the internet, extending wired networks wirelessly, and connecting remote areas without wired infrastructure.

Advanced computer networkTrinity Dwarka

Topic:Terminal handling & pollingDr Rajiv Srivastava

Network SecurityMAJU

Virtual Private Networks (VPN) pptOECLIB Odisha Electronics Control Library

Ud6 redes localescarmenrico14

El documento trata sobre las herramientas y estrategias para el mantenimiento de redes LAN. Explica los comandos y programas más utilizados para diagnosticar problemas como Ping, Ipconfig, Netstat, entre otros. También describe las causas físicas y lógicas de las incidencias en las redes, así como las herramientas gratuitas para la monitorización y solución de disfunciones como PRTG. Finalmente, detalla los pasos para restituir el funcionamiento sustituyendo equipos o elementos de hardware dañados.

SpamApostolos Syropoulos

Spam exists in various forms of internet communication like email, instant messages, discussion boards and internet telephony. Email spam is the most common type and involves receiving unwanted advertisements and marketing emails. Spam grows as communication technologies evolve and spammers find new cheap ways to advertise. While spam can never be fully stopped, individuals can take steps like using strong passwords, email filters and antivirus software to reduce the amount of spam received. Other forms of spam include SPIM (spam over instant messages), SPIT (spam over internet telephony) and avoiding public exposure of contact details can help limit these.

Web securitykareem zock

The document outlines various web application vulnerabilities and defenses. It discusses outdated software, guessable passwords, exposed source code, client-side issues, authentication errors, injections, and cross-site scripting. It recommends strong defenses like updating software, encrypting source code, validating all user input, and using tools like mod_security to analyze code and monitor activity. The goal is to close vulnerabilities at each layer of a web application to prevent hackers from accessing sensitive data like databases.

Cybersecurity PowerPoint PresentationRitik Kumar

IP ConfigurationStephen Raj

An IP address is a numerical label assigned to devices in a network using the Internet Protocol for communication. It is composed of four numbers separated by periods, with each number representing eight bits for a total of 32 bits. A subnet mask defines which parts of the IP address represent the network ID and which represent the host ID. A default gateway, usually a router, delivers packets when a computer does not know the destination network.

Cyber Security AwarenessRamiro Cid

Networking ppt Shovan Mandal

This document provides an overview of various computer networking concepts and components. It begins with definitions of networking basics like communications and telecommunications. It then describes the essential parts of a basic network including a message, transmitter, medium, receiver and destination. The document outlines different network topologies like bus, ring, star, star-bus and mesh. It also discusses network types like peer-to-peer and client-server networks. The document provides details on common networking media and components including coaxial cable, twisted pair cables, optical fibers, wireless transmission, hubs, gateways, routers, bridges and switches. It concludes with a brief introduction to the IEEE 802 family of standards related to local and metropolitan area networks.

Wireless Network SecurityGyana Ranjana

The document provides an overview of wireless network security, outlining common issues, threats, and security measures for wireless networks. It discusses standards and protocols like WEP, WPA, and WPA2 and provides practical tips for securing a wireless network, such as enabling encryption, changing default settings, and using firewalls. The document also briefly discusses future trends in wireless network security.

Network Security Threats and SolutionsColin058

Network security threats are increasing as more people and devices connect to networks. The document identifies ten major network security threats: viruses and worms, Trojan horses, spam, phishing, packet sniffers, maliciously coded websites, password attacks, hardware loss and data fragments, shared computers, and zombie computers/botnets. Each threat is described and potential solutions are provided, such as using security software to block viruses, encryption to prevent packet sniffing, and intrusion prevention systems to counter botnets. Network security managers face ongoing challenges due to the variety of threats and lack of solutions for some issues like password attacks.

Password ManagementRick Chin

Cyber security threats for 2017Ramiro Cid

Cyber security fundamentalsCloudflare

The document discusses cyber security fundamentals and challenges, describing how Cloudflare provides security solutions like DDoS mitigation, bot management, and web application firewalls to protect websites and applications from threats. It explains common security threats like DDoS attacks, bots, and vulnerabilities and how Cloudflare uses a global network and machine learning to detect and block attacks while ensuring high performance and availability.

Learn Ethical Hacking in 10 Hours | Ethical Hacking Full Course | EdurekaEdureka!

YouTube Link: https://youtu.be/dz7Ntp7KQGA ** Edureka Ethical Hacking Course: https://www.edureka.co/cybersecurity-certification-training ** This Edureka PPT on "Ethical Hacking Full Course" will help you learn Ethical Hacking and Cyber Security concepts from scratch. You will learn about different kinds of Cyberattacks and ethical hacking tools used to prevent such attacks. There are a lot of demos on several tools in this Ethical Hacking Tutorial for Beginners PPT. You will also learn how to become an Ethical Hacker. Follow us to never miss an update in the future. YouTube: https://www.youtube.com/user/edurekaIN Instagram: https://www.instagram.com/edureka_learning/ Facebook: https://www.facebook.com/edurekaIN/ Twitter: https://twitter.com/edurekain LinkedIn: https://www.linkedin.com/company/edureka Castbox: https://castbox.fm/networks/505?country=in

All about emailestefana4

Email is a method for transmitting data, files, photos, and audio/video between computers over the internet. It originated in the 1960s-1970s for communication between computer terminals and evolved with the growth of networks and the internet. Email users can create and send messages with attachments to recipients individually or in groups from commercial programs using an email address format of [email protected].

EmailMuhammad Hasham

The document discusses the history and uses of email in daily life, business, education, and marketing. It then outlines how to properly write an email, including determining the type of email, including the necessary parts like the subject line, salutation, introduction, body, and closing. Finally, it discusses common errors in email writing like using the wrong tone, writing too much, forgetting attachments, being too emotional, and not reviewing emails before sending.

SERVICES ON THE INTERNETRiya Gupta

This document provides an overview of various services available on the internet. It discusses information retrieval and search engines, how to find people, chat, uploading and downloading files, telnet, blogs, newsgroups, email, and other services like videoconferencing, e-learning, e-banking, e-shopping, e-reservation, and social networking. The document defines each service and explains how it works at a high level.

Web securityMuhammad Usman

This document discusses various aspects of web security, including the need for security when transmitting data over the internet, common security measures like authentication, authorization, encryption, and accountability. It describes techniques for securing web applications such as SSL, firewalls, VPNs. It provides details on authentication methods like basic authentication and form-based authentication. It also explains concepts like SSL certificates, VPN types, and how firewalls and SSL work.

Network security pptOECLIB Odisha Electronics Control Library

Types of Data ValidationMetric Fox

Data validation is the process of checking database to ensure that the information gathered from different data sources is clean, accurate and in a standard format. Data validation can be simple or complex, depending upon the way it is performed. For example, validating email address, or phone numbers is easy. On the other hand, checking different data fields for consistency and accuracy in a master database will be complex. In a nutshell, data needs to be validated at the same stage/level where it’s most likely to be erroneous.

Data validationQamar Wajid

This document discusses different techniques for validating data models, including verification versus validation, why and what to validate, the base of validation, and specific validation techniques. The key techniques discussed are team review, simulation, direct application, and testing. Team review involves both formal and informal peer review steps. Simulation validates the model by simulating real-world conditions. Direct application builds and tests a model in stages. Testing establishes a baseline and uses a test-driven approach to validate changes.

More Related Content

What's hot (20)

Network SecurityMAJU

Virtual Private Networks (VPN) pptOECLIB Odisha Electronics Control Library

Ud6 redes localescarmenrico14

SpamApostolos Syropoulos

Web securitykareem zock

Cybersecurity PowerPoint PresentationRitik Kumar

IP ConfigurationStephen Raj

Cyber Security AwarenessRamiro Cid

Networking ppt Shovan Mandal

Wireless Network SecurityGyana Ranjana

Network Security Threats and SolutionsColin058

Password ManagementRick Chin

Cyber security threats for 2017Ramiro Cid

Cyber security fundamentalsCloudflare

Learn Ethical Hacking in 10 Hours | Ethical Hacking Full Course | EdurekaEdureka!

All about emailestefana4

EmailMuhammad Hasham

SERVICES ON THE INTERNETRiya Gupta

Web securityMuhammad Usman

Network security pptOECLIB Odisha Electronics Control Library

Network SecurityMAJU

Virtual Private Networks (VPN) pptOECLIB Odisha Electronics Control Library

Ud6 redes localescarmenrico14

SpamApostolos Syropoulos

Web securitykareem zock

Cybersecurity PowerPoint PresentationRitik Kumar

IP ConfigurationStephen Raj

Cyber Security AwarenessRamiro Cid

Networking ppt Shovan Mandal

Wireless Network SecurityGyana Ranjana

Network Security Threats and SolutionsColin058

Password ManagementRick Chin

Cyber security threats for 2017Ramiro Cid

Cyber security fundamentalsCloudflare

Learn Ethical Hacking in 10 Hours | Ethical Hacking Full Course | EdurekaEdureka!

All about emailestefana4

EmailMuhammad Hasham

SERVICES ON THE INTERNETRiya Gupta

Web securityMuhammad Usman

Network security pptOECLIB Odisha Electronics Control Library

Viewers also liked (20)

Types of Data ValidationMetric Fox

Data validationQamar Wajid

Validation for different kind of datasong_lachinhminh_smile

This document discusses validation for different types of data when writing test cases and executing tests. It provides information on validating text fields, date fields, and numeric data. For text fields, it describes validating mandatory fields, maximum length, accepted special characters, trimming spaces, and case sensitivity. For date fields, it discusses validating format, comparing to current and other dates. For numeric data, it covers validating mandatory fields, maximum and minimum values, integer/decimal, positive/negative, and format conversion. The document concludes by inviting discussion.

Validation and Verificationmrmwood

Validation checks data as it is entered against predefined rules to reduce errors. There are 5 types of validation: presence, range, format, length, and list/lookup checks. Verification further checks the data to catch any errors missed by validation, such as proofreading or double data entry where data is entered twice and compared to ensure accuracy. An example showed how validation allows an incorrect date to pass format checks but verification would catch the error.

verification and validationDinesh Pasi

Verification ensures software meets specifications, while validation ensures it meets user needs. Both establish software fitness for purpose. Verification includes static techniques like inspections and formal methods to check conformance pre-implementation. Validation uses dynamic testing post-implementation. Techniques include defect testing to find inconsistencies, and validation testing to ensure requirements fulfillment. Careful planning via test plans is needed to effectively verify and validate cost-efficiently. The Cleanroom methodology applies formal specifications and inspections statically to develop defect-free software incrementally.

Data validation optionmaheshwarpoloju

Data Validation Option is an ETL testing tool that comes with Informatica PowerCenter. It reads table definitions from PowerCenter repositories and validates data by checking for inconsistencies. It can verify that data moved or transformed by PowerCenter workflows is complete, accurate, and unchanged. Data Validation Option defines validation rules, runs tests against those rules, and examines results to identify errors in the ETL process.

Data VerificationInfoCheckPoint

Gain an overview of data verification and validation, the methods and techniques used to keep data clean as well as new business practices in the industry that help in maintaining data quality and preventing data decay. Adopt new approaches of “Think Blue” and “Think Green”, in order to create a pollution free virtual environment. Check out more - http://www.infocheckpoint.com/Images/pdf/Expand-your-Enterprise-Exponentially-whitepaper.pdf

Validation and verificationDe La Salle University-Manila

PROCESS VALIDATIONPharmaceutical

Audit logs for Security and ComplianceAnton Chuvakin

Audit logs and trails provide important security and compliance information about systems and networks. They can be used to detect threats, investigate incidents, and ensure regulatory compliance. However, simply collecting logs is not enough - they must be consistently analyzed through a log review program to extract meaningful insights and optimize security decisions. Common mistakes include not actually reviewing logs, storing logs for too short a time period, and not normalizing logs to facilitate analysis across different sources.

Dynamic Data Validation ListsMarc Rivait, PMP

This document discusses how to create dynamic data validation lists in Excel that automatically update when the source data changes. It provides examples of building simple validation lists using cell ranges and named ranges, but explains that these methods require manual maintenance when the list data changes. The solution presented is to use a dynamic range formula for the list that references the data column and uses COUNTA to dynamically determine the last row, eliminating the need for manual maintenance of the list. Steps are provided to set this up along with an explanation of how the formula works.

How to create a validation list in excelDanny Wong

ValidationCOGS Presentations

Wpf ValidationRookieOne

Annotation-Based Spring Portlet MVCJohn Lewis

Starting with Spring MVC 2.5, Annotation-Based Controllers became the preferred model for development (the Interface-based Controller hierarchy will be deprecated in Spring 3). This session will teach developers familiar with the old model how to use the new Annotation-based Controllers. This will also provide the basis for writing JSR 286 portlets using Spring 3. Sample code available here: http://www.ja-sig.org/wiki/x/vYS8AQ Full screencast available here: http://vimeo.com/10020881

Data validation - ExcelYi Chiao Cheng

This document outlines a lesson plan for proper Excel maintenance through techniques like data validation, conditional formatting, and pivot tables. The plan includes ensuring clean data input, visualizing trends in the data through conditional formatting, and enabling deeper analysis with pivot tables. Hands-on examples are provided for using data validation drop down lists to maintain good practices like listing options in a reference tab.

Model-Based Simulation of Legal Requirements: Experience from Tax Policy Simu...Software Verification and Validation Laboratory - Software Verification and Validation Laboratory

Using models for expressing legal requirements is now commonplace in Requirements Engineering. Models of legal requirements, on the one hand, facilitate communication between software engineers and legal experts, and on the contrary, provide a basis for systematic and automated analysis. The most prevalent application of legal requirements models is for checking the compliance of software systems with laws and regulations. In this presentation, we explore a complementary application of legal requirements models, namely simulation. We observe that, in domains such as taxation, the same models that underlie legal compliance analysis bring significant added value by enabling simulation. Concretely, this presentation reports on the model-based simulation of selected legal requirements (policies) derived from Luxembourg’s Income Tax Law. The simulation scenario considered in the case study is aimed at analyzing the impact of a current tax law reform proposal in Luxembourg. We describe our approach for simulation along with empirical results demonstrating the feasibility and accuracy of the approach. We further present lessons learned from the experience.

Application Logging Good Bad Ugly ... Beautiful?Anton Chuvakin

Validation verificationkhair20

This document discusses validation and verification techniques used to ensure accurate data entry into computer systems. Verification checks that data is correctly transferred from its original source, often by having users confirm entered data on screen or entering it twice. Validation uses automatic checks by computers to ensure data makes sense, for example checking for presence, type, length, or value ranges. Common validation methods include presence, type, length, range, format and check digit checks. Validation helps ensure accurate data but does not check correct entry like verification.

Verfication and validation of simulation modelsDe La Salle University-Manila

This document discusses verification and validation of simulation models. It presents four approaches to determining model validity: 1) the model development team decides validity, 2) users are heavily involved in deciding validity, 3) an independent third party decides validity through independent verification and validation (IV&V), and 4) using a scoring model. It also presents two paradigms relating verification and validation to the modeling process - a simple view and a more complex view. Key aspects of validation discussed include conceptual model validity, model verification, operational validity, and data validity. A recommended validation procedure and brief discussion of accreditation are also provided.

Types of Data ValidationMetric Fox

Data validationQamar Wajid

Validation for different kind of datasong_lachinhminh_smile

Validation and Verificationmrmwood

verification and validationDinesh Pasi

Data validation optionmaheshwarpoloju

Data VerificationInfoCheckPoint

Validation and verificationDe La Salle University-Manila

PROCESS VALIDATIONPharmaceutical

Audit logs for Security and ComplianceAnton Chuvakin

Dynamic Data Validation ListsMarc Rivait, PMP

How to create a validation list in excelDanny Wong

ValidationCOGS Presentations

Wpf ValidationRookieOne

Annotation-Based Spring Portlet MVCJohn Lewis

Data validation - ExcelYi Chiao Cheng

Model-Based Simulation of Legal Requirements: Experience from Tax Policy Simu...Software Verification and Validation Laboratory - Software Verification and Validation Laboratory

Application Logging Good Bad Ugly ... Beautiful?Anton Chuvakin

Validation verificationkhair20

Verfication and validation of simulation modelsDe La Salle University-Manila

Similar to Data validation in web applications (20)

HTML5 Mullet: Forms & Input ValidationTodd Anglin

Todd Anglin gave a presentation on HTML5 forms and input types. He discussed the new input types available like email, url, number and date/time. He demonstrated how to use these new input types and attributes like placeholder, required and pattern. Anglin also covered customizing the browser rendered inputs using shadow DOM and styling validation states with CSS. For older browsers without native support, he recommended polyfilling the new functionality with JavaScript.

Validating forms (and more) with the HTML5 pattern attributecliener

In the past, validating forms in the client has typically required doing some heavy lifting with JavaScript. But you may not know HTML5 changes all that. Browsers now check that the content of an input match its type (and we've got new types like email, url and number to make that even more useful). But, what you might not know about is the pattern attribute, which lets us use regular expressions directly in HTML to specify what format the user's input should have. In this session, Chris Lienert will look at some of the common regex patterns you can use to validate user input, coupled with some of the many tricks he's learned to help users complete those forms we all love to hate.

HTML5 Forms OF DOOMStephanie Hobson

Moving to the client - HTML5 is here Christian Heilmann

In this talk Chris Heilmann and Robert Nyman de-mystify some of the rumours around HTML5 and show you just how many tasks of day-to-day app development can be done by the browser for you rather than having to write all the code by yourself. Life as a front-end developer is much easier than you think - if you keep up-to-date and embrace the movement that wants to make the web an easier and faster place for all. The audio of the talk is available at http://www.archive.org/details/Html5IsHere-ChrisHeilmannAndRobertNymanAtFosdem2011

Web Forms People Don't Hatecliener

Building & Breaking Web Forms with Quaid-JScliener

The document discusses building and designing web forms using Quaid-JS. It covers design patterns for forms like vertical labels and fields. It also discusses building forms with HTML5 attributes, validating forms early and often, embracing and extending HTML and DOM with custom input types, using data attributes, and adding custom validation with inline, on submit, and AJAX methods. Internationalization is supported by plug-in JavaScript files for different locales. The library is open source on GitHub and has been used on a live website.

GCSECS-DefensiveDesign.pptxazida3

Defensive programming techniques aim to avoid problems in code development and during runtime. Issues that can occur include dodgy user input data, poorly structured code that is hard to maintain, and runtime errors. Defensive design focuses on preventing unintended exploitation of systems, keeping code well-organized, and minimizing bugs. Input validation and sanitization are important techniques to check user data meets criteria and remove unwanted characters. Database inputs especially need to be sanitized to prevent SQL injection attacks.

JavaScript - Chapter 14 - Form Handling WebStackAcademy

Form validation normally used to occur at the server, after the client had entered all the necessary data and then pressed the Submit button. If the data entered by a client was incorrect or was simply missing, the server would have to send all the data back to the client and request that the form be resubmitted with correct information. This was really a lengthy process which used to put a lot of burden on the server. JavaScript provides a way to validate form's data on the client's computer before sending it to the web server. Form validation generally performs two functions. Basic Validation − First of all, the form must be checked to make sure all the mandatory fields are filled in. It would require just a loop through each field in the form and check for data. Data Format Validation − Secondly, the data that is entered must be checked for correct form and value. Your code must include appropriate logic to test correctness of data.

HTML5 workshop, formsRobert Nyman

The document discusses new HTML5 form types, attributes, and elements. It provides examples of new input types like color, date, and range. It also covers new form attributes, validation methods and styles. Validation is improved but still has limitations. Styling is introduced for states like required, valid, invalid and focused using CSS pseudo-classes. Custom validation messages can be set but override the default checkValidity method.

HTML5 Forms - KISS time - FronteersRobert Nyman

This document summarizes new HTML5 form elements and attributes. It introduces new input types like color, date, and range. It also describes new form attributes like autocomplete, autofocus, and validation attributes. Styles are demonstrated for required, valid, invalid, and placeholder text. Issues with validation dialogs and international characters are discussed. The document encourages keeping forms simple and provides additional resources.

ch3.pptEnghamzaKhalailah

HTML5 Form ValidationIan Oxley

Html5 inputsChris Love

Data entry is boring. Developing web forms is tedious and can be complicated. As AJAX heavy applications have become the standard of today’s web developers have relied on many third party plugins and libraries to add client-side value to data entry forms. Modern browsers implement many of these features natively, in many cases eliminating the need to load and maintain an application against a third party library. In this session I will review new input types, attributes, styling and validation techniques that should make you forget those third party libraries for your next project.

04.02.JS_SimpleValidation.pdfflutterhub

This document discusses simple validation of user input with JavaScript. It describes validating the type, format, and value of input using HTML5 input types, attributes like required and pattern, and JavaScript functions. New input types validate format but may not be supported, so extra validation with attributes and JavaScript is recommended to ensure correctness. The document provides examples of validating email addresses, numbers within a range, and zip codes using various techniques.

Hassliebe Onlineformulare, Enhance your Form for better UXPeter Rozek

Formulare und das Internet verbindet eine ewige Hassliebe. Zum einen sind sie notwendig und zum anderen scheitert die Conversion Rate nicht selten an einer schlechten Usability. Responsive Webdesign hat die Situation nicht einfacher gemacht. Verschiedene Formfaktoren und Interaktionsmechaniken sind zu berücksichtigen. Einzelne Formulare oder Formularstrecken müssen für den Nutzer verständlich bleiben und bei falschen Eingaben muss das System eine gewisse Fehlertoleranz erkenn und Kontextbezogene Hilfen anbieten. Zusätzlich gilt für unterschiedliche Touchpoints das Formulare scalable und usable sind. Der Vortrag zeigt mit welchen HTML5 und CSS3 Elementen Formulare technisch Robust werden und eine positive User Experience adressieren. Neben grundlegenden Usability Guidelines wird auch ein besonderes Augenmerk auf den Anwendungsfall gelegt. Zielgruppenorientierte Formulargestaltung braucht mehr als die Einbeziehung grundlegender Usability Richtlinien. Valide Use Cases auf Basis von Customer Journey Maps oder Touchpoint Matrix helfen den Fokus auf wesentliche Aspekte zu lenken.

Bad Form @ JSConf Asia 2014cliener

form_validation_with_html5Ryan Williams

This document discusses HTML5 form validation, which allows browsers to perform client-side validation of forms using new input types and attributes. This reduces the need for custom JavaScript validation code. However, server-side validation is still required. The document provides examples of how to specify required fields, regular expressions, data types, and validation error handling using HTML5. It also discusses browser support and fallback options to polyfill functionality for older browsers.

Input validation errorsmanoharparakh

Accessible dynamic formsDylan Barrell

The document discusses accessible and valid dynamic forms with jQuery. It provides examples of code on GitHub for form accessibility fundamentals like labels, instructions, layout, and dynamism. It also covers common WCAG 2.0 success criteria around perceivable, operable, understandable and robust forms. Specific techniques are presented for labels, instructions, layout, controls, and validation fundamentals.

Design better forms – Mobile UX LondonSjors Timmer

This document provides tips for designing better forms. It recommends starting with structure by thinking of a form as a conversation with the user. Key elements to focus on include building trust with the user, preparing them for the form, using headings to guide them through sections, and crafting clear and appropriate questions. When designing the form, best practices include placing labels above fields, using readable fonts and spacing, avoiding dropdowns when possible, and automating validation. Form elements should be designed to be easily filled out on mobile. The document concludes with reading recommendations on the topic of form design.

HTML5 Mullet: Forms & Input ValidationTodd Anglin

Validating forms (and more) with the HTML5 pattern attributecliener

HTML5 Forms OF DOOMStephanie Hobson

Moving to the client - HTML5 is here Christian Heilmann

Web Forms People Don't Hatecliener

Building & Breaking Web Forms with Quaid-JScliener

GCSECS-DefensiveDesign.pptxazida3

JavaScript - Chapter 14 - Form Handling WebStackAcademy

HTML5 workshop, formsRobert Nyman

HTML5 Forms - KISS time - FronteersRobert Nyman

ch3.pptEnghamzaKhalailah

HTML5 Form ValidationIan Oxley

Html5 inputsChris Love

04.02.JS_SimpleValidation.pdfflutterhub

Hassliebe Onlineformulare, Enhance your Form for better UXPeter Rozek

Bad Form @ JSConf Asia 2014cliener

form_validation_with_html5Ryan Williams

Input validation errorsmanoharparakh

Accessible dynamic formsDylan Barrell

Design better forms – Mobile UX LondonSjors Timmer

Data validation in web applications

1. Data Validation in Web ApplicationsWelcome to:

2. Hi! I’m Scott KirklandSlinging code @ UCDavis for 8 yearsCurrently Sr. Application Architect for the College Of Agricultural and Environmental Sciences Dean’s OfficeOpen source coderhttps://github.com/srkirklandMvcHtml5, Data Annotations Extensions, ITSecuritySymposiumhttps://github.com/ucdavisUCDArch, Web ApplicationsCo-founded the local .NET User Group

3. Data Validation in Web ApplicationsWelcome to:

4. The most common web application security weakness is the failure to properly validate input from the client or environment. - OWASP[1]

6. Aka: Trust No One Data

7. Input Validation

8. Topics:

9. Input Validation in Web FormsEnsure user supplied data is Strongly typedCorrect syntaxWithin length boundariesContains only permitted charactersOr that numbers are correctly signed and within range boundariesIs “business rule correct”

10. Client Side ValidationValidate data on the client firstProvides better feedback to the end userMakes your site feel more responsiveAlways validate on server-side as well!

11. JavaScript Validation“Current” solution, useful & widely supported (Probably about 95%)Any JavaScript errors and validation disappearsFairly difficult to implement, though libraries help[3]

12. JavaScript Validation: EmailIs this a good email regex?\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\bYes, except when it isn’tNon-english, some TLDs not covered, no special charsHow about this (RFC 2822)?(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])Allows some crazy stuff, like \@scott\@[email protected]

13. Input Validation w/ HTML5

14. HTML5 Input ValidationTwo major form validation innovationsNew Input TypesConstraint Validation

15. HTML5 Input TypesNew input types were added to augment<input type=“text” />

16. HTML5 Input Typessearchtelurlemailnumberrangecolordatetimedatemonthweektimedatetime-local

17. HTML5 Input TypesGives semantic meaning to your formsEnable behaviors based on input type

18. DEMO: Html5 Input Types

19. HTML5 Input TypesSo, that was pretty coolSimply changing input types can add basic validationBenefits go beyond validationAdditive only – no drawbacks

20. HTML5 Input Types<input type=“email” /><input type=“url” />

21. HTML5 Input Types<input type=“tel” /><input type=“number” />

22. HTML5 Constraint ValidationRequiredPatternMaxLengthMin/Max

23. HTML5 Constraint ValidationRequired<input type=“text” required />MaxLength<input type=“text” maxlength=“10” />Pattern<input type=“text” pattern=“[0-9]{5}” />

24. DEMO: Html5 Constraints

25. Of course, this only works in HTML5 capable browsersOlder browsers will ignore these new attributesWith JavaScript you can “Polyfill” for “regressive” enhancement

26. One More Thing…

27. PolyfillA polyfill, or polyfiller, is a piece of code (or plugin) that provides the technology that you, the developer, expect the browser to provide nativelyGenerally, you test the browser for a feature. If it is not present natively, use JavaScript to add the feature

28. Develop for tomorrow… today!Great library called Modernizrhttp://www.modernizr.com/Helps with feature detection & media queriesAllows older browsers to work with Html5 elementsMuch more

29. DEMO: Polyfills

30. HTML5 Data Validation:Pragmatic Advice

31. Use the new input types They may do data validation for youMake your users happy (iOS & more)They will keep getting betterNative experience

32. Constraint ValidationUseful for “first line of defense” or backupYou should continue to use JavaScript for client validation

33. Recap: Validating Web FormsMakes the experience better for your usersResults in better, more reliable dataFirst line of defense against a plethora of vulnerabilities

35. Thanks for listeningI’m Scott KirklandEmail: [email protected]: http://weblogs.asp.net/srkirkland/GitHub:Personal: https://github.com/srkirkland/UCDavis: https://github.com/ucdavis/Slides and demo:https://github.com/srkirkland/ITSecuritySymposium

Editor's Notes

#3: Scott Kirkland has been writing web applications at UC Davis for eight years, currently in his capacity as Senior Application Architect for the College of Agricultural and Environmental Sciences Dean's Office. Scott has also created and released several open-source projects including the architectural framework UCDArch (https://github.com/ucdavis/UCDArch) for developing secure ASP.NET MVC applications at UC Davis, as well as DataAnnotationsExtensions (http://dataannotationsextensions.org) for extending client and server validation in .NET applications. Scott enjoys educating other developers and co-founded the UC Davis .NET User Group and recently led a three day workshop about ASP.NET MVC for several dozen UC Davis developers.
#5: The most common web application security weakness is the failure to properly validate input from the client or environment. This weakness leads to almost all of the major vulnerabilities in applications, such as Interpreter Injection, locale/Unicode attacks, file system attacks and buffer overflows. Data from the client should never be trusted for the client has every possibility to tamper with the data.
#8: Possibly include Sql Injection, Xss,etc
#9: Possibly include Xss, depending on time
#10: https://www.owasp.org/index.php/Data_Validation#Data_Validation_and_Interpreter_Injection
#11: Might decrease bandwidth
#12: “Current” because it isn’t really going to go anywhere, but it is “all we have”Most frameworks don’t come with much in the way of help, and when they do its complex and they contain lots of messy JavaScript.
#13: May not want to use this slide…
#14: Html5 to the rescue?
#16: Type=“text” but what kind of text? HTML5 goes further
#17: Search – assistive technologies like screen reader
#18: Type=“text” but what kind of text? HTML5 goes further
#19: <input type='text' /> Show output, looks like regular text box<input type='email' /> Show output, looks the same, but show how iphone and opera treat it differently. Also, type='email' validates email!Same thing with url <input type='url' />Same with number <input type='number' /> Even can do min/max with number
#20: You could style them independently, different sizes for email, etc
#21: Also tel you get the keypad, number you get a special input tooScreenshots from http://diveintohtml5.org/forms.html
#22: Also tel you get the keypad, number you get a special input tooScreenshots from http://diveintohtml5.org/forms.html
#25: http://miketaylr.com/code/input-type-attr.htmlShow in FF, Chrome, Explorer (nothing breaks with explorer, completely additive)
#27: Html5 validation constraints
#28: http://remysharp.com/2010/10/08/what-is-a-polyfill/
#29: Widely used: Google, Twitter, Microsoft (ships with MVC)
#30: http://miketaylr.com/code/input-type-attr.htmlShow in FF, Chrome, Explorer (nothing breaks with explorer, completely additive)
#32: Really, no downside
#33: Really,no downside

Data validation in web applications

Recommended

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Data validation in web applications (20)

Data validation in web applications

Editor's Notes