Validating input to a website is the most important security measure. Examine common data conditions that deserve consideration.
Validating input is an important technique to ensure that only good data is allowed into your web application. As we just saw, regulating requests provides a first line of defense by examining the envelope around the data being sent to our servers. If the envelope passes inspection, then the data inside the envelope should be inspected next. Watching the data coming through well-known public pathways is one of the first steps to secure any website. Most hackers don't use secret back doors or unexpected zero-day exploits. More often, they use the standard data inputs, but send in malicious data.

Data validation determines if the data being received as input is acceptable. This means you need to establish criteria to separate good data from bad data. What are your expectations for the data? What should be considered acceptable data? What should be considered unacceptable data? The answers to these questions will be different for every web application …

- Threat models
- Least privilege
- Defense in depth
- Validating and sanitizing input
- Credential attacks
- SQL injection
- Cross-site scripting
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filter Input, Control Output
4. The Most Common Attacks
Next steps (2m 26s)