Dr. Drew Hwang, CIS, Cal Poly Pomona
Secure Web Development
Project: Input Validation
Requirements
Develop an ASP.NET website (not project) with a login page containing the following form fields:
Username: required; max. 5 characters (using JavaScript)
Password: required; max. 10 characters (using JavaScript)
Use ASP.NET RequiredFieldValidator to validate the required form fields and
Create three submit buttons and use the Regex class to validate the following requirements:
Button #1 (captioned: "Blacklist"): use a blacklist to reject the following metacharacters: "^ $ \ / ( ) | ? + * [ ] { } ><" and return a message in a Label control stating whether the input is valid or not.
Button #2 (captioned: "Whitelist"): use a whitelist to accept only 0-9 and A-Z and return a message in a Label control stating whether the input is valid or not.
Button #3 (captioned: "Sanitization"): sanitize the input by removing the following metacharacters: "^ $ \ / ( ) | ? + * [ ] { } ><" and display the result in a Label control.
Button #4 (captioned: "HTML Encode"): HTML encode the input and display the result in a Message Box.
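The four behaviors above, side by side on the same inputs, as an added example that is not part of the original course page. It is a console program rather than a Web Forms page; the class and method names (InputChecks, PassesBlacklist, PassesWhitelist, Sanitize, Encode) and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

static class InputChecks   // hypothetical name, not from the course page
{
    // Metacharacters listed in the assignment: ^ $ \ / ( ) | ? + * [ ] { } > <
    static readonly Regex Meta = new Regex(@"[\^$\\/()|?+*\[\]{}><]");

    // Whitelist: only 0-9 and A-Z. \A and \z anchor the whole string;
    // "$" would also match just before a trailing newline.
    static readonly Regex Allowed = new Regex(@"\A[0-9A-Z]+\z");

    // Blacklist: valid when none of the listed metacharacters occur.
    public static bool PassesBlacklist(string s) => !Meta.IsMatch(s);

    // Whitelist: valid only when every character is in the allowed set.
    public static bool PassesWhitelist(string s) => Allowed.IsMatch(s);

    // Sanitization: delete the listed metacharacters, keep everything else.
    public static string Sanitize(string s) => Meta.Replace(s, "");

    // HTML encoding: keep every character, but make it inert in HTML output.
    public static string Encode(string s) => WebUtility.HtmlEncode(s);

    static void Main()
    {
        // Constructed sample inputs. The quote in O'NEIL, the lowercase
        // "admin" and the trailing newline are not on the blacklist, so
        // only the whitelist rejects them.
        string[] samples = { "ADMIN", "admin", "A<B>", "O'NEIL", "AB12\n" };

        foreach (string s in samples)
        {
            string shown = s.Replace("\n", "\\n");   // make the newline visible
            Console.WriteLine("input     : {0}", shown);
            Console.WriteLine("blacklist : {0}", PassesBlacklist(s) ? "valid" : "invalid");
            Console.WriteLine("whitelist : {0}", PassesWhitelist(s) ? "valid" : "invalid");
            Console.WriteLine("sanitized : {0}", Sanitize(s).Replace("\n", "\\n"));
            Console.WriteLine("encoded   : {0}", Encode(s).Replace("\n", "\\n"));
            Console.WriteLine();
        }
    }
}
```

In a Web Forms page the same four methods would be called from the button click handlers, with the results assigned to the Label control.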