Defensive Programming (Input Validation)

Uploaded by

iqra

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

20 views18 pages

Defensive Programming (Input Validation)

Uploaded by

iqra

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 18

Defensive Programming

Contents
1. Protecting Your Program from Invalid Inputs
2. Assertions
3. Error-Handling Techniques
4. Exceptions
5. Barricade Your Program to Contain the
Damage Caused by Errors
6. Debugging Aids
Defensive Programing
Defensive programming means coding
carefully to prevent bugs before they happen
and handling problems gracefully instead of
letting the program crash.
Garbage in, garbage out
Protecting Your Program from Invalid
Inputs
There are three general ways to handle garbage in
1.Check the values of all data from external
sources(INPUT VALIDATION)
2. Check the values of all routine input parameters
3. Decide how to handle bad inputs
INPUT VALIDATION
• SQL INJECTION
• EMAIL VALIDATION
• PASSWORD VALIDATION
SQL INJECTION
Test this SQL Injection In testing website link given
below
Altoro Mutual
Never build SQL by concatenating user
input into the SQL string.
"SELECT * FROM users WHERE username = '" + username + "' AND
password = '" + password + “’”
1) What the code does
It joins (concatenates) whatever the user types for username and
password directly into the SQL text.
That means the user can supply not only data but also characters that
look like SQL (quotes, --, OR, ;, etc.).
2) How an attacker abuses it (two common tricks)
A — Comment trick (--)
If attacker sets:
username = admin' --
password = anything
SELECT * FROM users WHERE username =
'admin' --' AND password = 'anything'
CASE2
SELECT * FROM users WHERE username = '' OR '1'='1' AND
password = '' OR '1'='1’
Because '1'='1' is always true, the WHERE can evaluate true and
return rows → data leakage.
User input changes SQL structure, not just values
Preventions
Primary fix: Never concatenate user input into SQL. Use parameterized queries /
placeholders so SQL text is fixed and inputs are sent separately as data
.
(Example form:

SELECT * FROM users WHERE username = ? AND password = ?

with parameters provided separately.)

Extra layer: input validation/whitelisting for fields that have a strict format
(usernames, IDs). Validation helps but does not replace parameterization.
Email validation
Password validation

SQL Injection: Examples and Defenses
No ratings yet
SQL Injection: Examples and Defenses
26 pages
Understanding SQL Injection Attacks
No ratings yet
Understanding SQL Injection Attacks
53 pages
Database Security Workshop Insights
No ratings yet
Database Security Workshop Insights
36 pages
SQL Injection For Newbies
No ratings yet
SQL Injection For Newbies
5 pages
5
No ratings yet
5
2 pages
W11-Attacking Data Stores
No ratings yet
W11-Attacking Data Stores
33 pages
SQL Injection Attack
No ratings yet
SQL Injection Attack
2 pages
CS - SQL Injection (Discussion-1) ) & Buffer Overflow Attack
No ratings yet
CS - SQL Injection (Discussion-1) ) & Buffer Overflow Attack
5 pages
SQL Injection
No ratings yet
SQL Injection
37 pages
W12-Attacking Data Stores (Part II)
No ratings yet
W12-Attacking Data Stores (Part II)
35 pages
Brief Introduction in SQL Injection
No ratings yet
Brief Introduction in SQL Injection
22 pages
SQL Injection
No ratings yet
SQL Injection
4 pages
SQL Injection
No ratings yet
SQL Injection
4 pages
Presentation On SQL Injection
No ratings yet
Presentation On SQL Injection
19 pages
SQL Injection
100% (1)
SQL Injection
28 pages
3 - SQLInjection
No ratings yet
3 - SQLInjection
18 pages
Is Presentation Sqli
No ratings yet
Is Presentation Sqli
23 pages
SQL Injection Guide for DB Admins
No ratings yet
SQL Injection Guide for DB Admins
26 pages
Web App Security: SQL Injection
100% (3)
Web App Security: SQL Injection
28 pages
SQL Injection: Types and Prevention
No ratings yet
SQL Injection: Types and Prevention
30 pages
Injections and Buffer Overflows Explained
No ratings yet
Injections and Buffer Overflows Explained
75 pages
SQL Injection Cheat Sheet PDF
No ratings yet
SQL Injection Cheat Sheet PDF
2 pages
SQL Injection Defense for Students
No ratings yet
SQL Injection Defense for Students
18 pages
SQL Injection
No ratings yet
SQL Injection
11 pages
SDR 680dd952be04819
No ratings yet
SDR 680dd952be04819
20 pages
SQL Injection Guide with Examples
No ratings yet
SQL Injection Guide with Examples
9 pages
14 Web Security
No ratings yet
14 Web Security
14 pages
SQL Injection
No ratings yet
SQL Injection
37 pages
Understanding SQL Injection Attacks
No ratings yet
Understanding SQL Injection Attacks
27 pages
SQL Injection Attacks and Prevention
No ratings yet
SQL Injection Attacks and Prevention
3 pages
SQL Injection Attack Guide
No ratings yet
SQL Injection Attack Guide
19 pages
Databases and Website Security
No ratings yet
Databases and Website Security
16 pages
Database Security
No ratings yet
Database Security
16 pages
SQL Injection Guide for Developers
No ratings yet
SQL Injection Guide for Developers
13 pages
Unit 4 Dbmss
No ratings yet
Unit 4 Dbmss
6 pages
SQL Injection Cheat Sheet
No ratings yet
SQL Injection Cheat Sheet
6 pages
Injection
No ratings yet
Injection
5 pages
Unit 5 SQL Injection
No ratings yet
Unit 5 SQL Injection
4 pages
Databases and Website Security
No ratings yet
Databases and Website Security
16 pages
Understanding SQL Injection Attacks
No ratings yet
Understanding SQL Injection Attacks
6 pages
Cyber Security Interview Questions
No ratings yet
Cyber Security Interview Questions
103 pages
LESSON 7-SQL Injection
No ratings yet
LESSON 7-SQL Injection
15 pages
09-15-16 GreyHat SQL Injection
No ratings yet
09-15-16 GreyHat SQL Injection
25 pages
CSS Expt 10 - 250406 - 110304
No ratings yet
CSS Expt 10 - 250406 - 110304
7 pages
SQL Injection: Vulnerabilities & Solutions
No ratings yet
SQL Injection: Vulnerabilities & Solutions
28 pages
Experiment No 13
No ratings yet
Experiment No 13
4 pages
Lab Task 1 Dis 2019
No ratings yet
Lab Task 1 Dis 2019
3 pages
SQL Injection
No ratings yet
SQL Injection
12 pages
SQL Injection Guide
No ratings yet
SQL Injection Guide
3 pages
SQL Injection
No ratings yet
SQL Injection
4 pages
SQL Injection
No ratings yet
SQL Injection
5 pages
SQL Injection Prevention - OWASP Cheat Sheet Series
No ratings yet
SQL Injection Prevention - OWASP Cheat Sheet Series
11 pages
03 Sqlia
No ratings yet
03 Sqlia
41 pages
SQL Injection
No ratings yet
SQL Injection
2 pages
02 - SQL Injection
No ratings yet
02 - SQL Injection
33 pages
Baricade
No ratings yet
Baricade
7 pages
Week2 Lab
No ratings yet
Week2 Lab
19 pages
Mid Term
No ratings yet
Mid Term
2 pages
Noun
No ratings yet
Noun
4 pages
Python Basic
No ratings yet
Python Basic
7 pages
Functions Exercise Practice
No ratings yet
Functions Exercise Practice
2 pages
Week7
No ratings yet
Week7
18 pages
Sequences & Summations
No ratings yet
Sequences & Summations
23 pages
Chap 9 Relation Exetcise
No ratings yet
Chap 9 Relation Exetcise
10 pages
OSI Model
No ratings yet
OSI Model
6 pages
CCBYPMM
No ratings yet
CCBYPMM
16 pages
Compair Word Excel
No ratings yet
Compair Word Excel
5 pages
Week8
No ratings yet
Week8
29 pages
Hemorrhage Etiology: Nontraumatic Children: Presentation
No ratings yet
Hemorrhage Etiology: Nontraumatic Children: Presentation
6 pages
Ultrasound in Obstet Gyne - 2005 - Elchalal - Fetal Intracranial Hemorrhage Fetal Stroke Does Grade Matter
No ratings yet
Ultrasound in Obstet Gyne - 2005 - Elchalal - Fetal Intracranial Hemorrhage Fetal Stroke Does Grade Matter
11 pages
Ssri and Brain Hemorrage
No ratings yet
Ssri and Brain Hemorrage
4 pages
Primary Cerebral Amyloidoma
No ratings yet
Primary Cerebral Amyloidoma
6 pages
2001EurRadiol IntracranialHemorrhage principlesofCTandMRIinterpretation
No ratings yet
2001EurRadiol IntracranialHemorrhage principlesofCTandMRIinterpretation
15 pages
01 STR 19 7 903
No ratings yet
01 STR 19 7 903
5 pages
Brain Tumors Manifesting As Intracranial Hemorrhage
No ratings yet
Brain Tumors Manifesting As Intracranial Hemorrhage
6 pages
01 STR 18 6 1048
No ratings yet
01 STR 18 6 1048
9 pages
A Deep Learning Model For Automatic Segmentation of Intraparenchymal and Intraventricular Hemorrhage For Catheter Puncture Path Planning
No ratings yet
A Deep Learning Model For Automatic Segmentation of Intraparenchymal and Intraventricular Hemorrhage For Catheter Puncture Path Planning
12 pages
01 STR 14 4 468
No ratings yet
01 STR 14 4 468
8 pages
01 STR 10 3 283
No ratings yet
01 STR 10 3 283
6 pages
Research Article: Electroacupuncture Alters BCI-Based Brain Network in Stroke Patients
No ratings yet
Research Article: Electroacupuncture Alters BCI-Based Brain Network in Stroke Patients
13 pages
01 STR 4 6 946
No ratings yet
01 STR 4 6 946
9 pages
A Novel Multi-Scale Channel Attention-Guided Neural Network For Brain Stroke Lesion Segmentation
No ratings yet
A Novel Multi-Scale Channel Attention-Guided Neural Network For Brain Stroke Lesion Segmentation
13 pages
Research Article: Dual-Path Attention Compensation U-Net For Stroke Lesion Segmentation
No ratings yet
Research Article: Dual-Path Attention Compensation U-Net For Stroke Lesion Segmentation
16 pages
Microwave Medical Image Segmentation For Brain Stroke Diagnosis Imaging-Process-Informed Image Processing
No ratings yet
Microwave Medical Image Segmentation For Brain Stroke Diagnosis Imaging-Process-Informed Image Processing
5 pages
A Novel Modified U-Shaped 3-D Capsule Network MUDCap3 For Stroke Lesion Segmentation From Brain MRI
No ratings yet
A Novel Modified U-Shaped 3-D Capsule Network MUDCap3 For Stroke Lesion Segmentation From Brain MRI
6 pages

Defensive Programming (Input Validation)

Uploaded by

Defensive Programming (Input Validation)

Uploaded by

Defensive Programming

SELECT * FROM users WHERE username = ? AND password = ?

with parameters provided separately.)

You might also like