Technology

Any business that uses a website with online services to do business with its customers is concerned about security. Security is an important factor in ensuring a quality user experience and helps to retain and grow a customer base.

Recently I wrote in my own blog, outlining some principles and approaches for website and application security. In this blog, I will focus on data validation, which forms an important part of securing your website or application. Data validation is all about ensuring that any form of data input or output, whether provided by a user or another system, does not compromise your website or application.

Let's start with the inputs - blacklist or whitelist?

Businesses provide a range of online options for customers to communicate with them, ranging from online feedback/comment forms to online shopping. Each of these options requires different data to be entered, from names and email addresses to credit/debit card details. If a user's input is not properly validated, there is a risk of an attacker using a code injection technique such as SQL injection to compromise a website.

To ensure that appropriate data is entered, there are two approaches to validation:

  1. Whitelisting
    This approach validates any data input against data that is considered acceptable. For example, a whitelist entry for a valid credit card number would include the rule that the input should consist of sixteen numeric characters, drawn from a list of 0 to 9. By adopting this approach, the focus is on identifying known correct inputs. So if a user enters anything other than numbers, their input will not be accepted and a message should be displayed informing them as to why their entry was not accepted.
  2. Blacklisting
    This approach differs from whitelisting in that the focus is on identifying inappropriate inputs - malicious or otherwise. When inappropriate content is recognised, it is replaced or removed. The challenge with using the blacklisting approach is that only current known threats can be prevented. There is a possibility that newer threats may be missed. For this reason, the whitelisting approach is generally the preferred approach.
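
The two approaches side by side, as an added example that is not part of the original post. The function names, the blacklist entries and the sample inputs are constructed for illustration; the whitelist rule is the sixteen-digit card number rule described above.

```python
import re

# Whitelist rule from the text: sixteen characters, each drawn from 0 to 9.
# [0-9] is used instead of \d because \d also matches non-ASCII digits.
CARD_RE = re.compile(r"[0-9]{16}")

# Hypothetical blacklist: fragments someone has already identified as bad.
BLACKLIST = ["<script", "--", "'"]


def validate_card_whitelist(value: str) -> tuple[bool, str]:
    """Accept only known-correct input and say why anything else is rejected."""
    if len(value) != 16:
        return False, "Card number must be exactly 16 digits."
    if not CARD_RE.fullmatch(value):
        return False, "Card number may contain only the digits 0 to 9."
    return True, "OK"


def sanitize_blacklist(value: str) -> str:
    """Remove listed fragments; whatever is not on the list passes through."""
    for bad in BLACKLIST:
        value = value.replace(bad, "")
    return value


def compare(value: str) -> dict:
    """Run one input through both approaches and report the outcome."""
    cleaned = sanitize_blacklist(value)
    return {
        "whitelist_accepts": validate_card_whitelist(value)[0],
        "blacklist_changed_input": cleaned != value,
        "blacklist_output": cleaned,
    }


if __name__ == "__main__":
    # Constructed sample inputs for a card number field.
    samples = [
        "4111111111111111",            # well-formed
        "4111 1111 1111 1111",         # spaces: wrong length
        "411111111111111a",            # right length, wrong character
        "4111111111111111' --",        # contains listed fragments
        "4111111111111111; unlisted",  # nothing on the blacklist matches
    ]
    for s in samples:
        print(repr(s), compare(s))
```

The last sample shows the difference in focus: the blacklist leaves it untouched because nothing in it is on the list, while the whitelist rejects it because it is not a known-correct card number.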

Finance

This is one of the few surefire ways to get money tax-free out of your business. Legally, I mean. Misused and misunderstood, I am setting the record straight on Director's Expenses.

Management

This article is not served to promote gambling on horse racing but instead to promote gambling/risk-taking when job hunting or in business. As Robert F. Kennedy said, “only those who dare to fail greatly can ever achieve greatly.”

Finance

Like many companies out there, ranging from SMEs to large long-established and venerable household names, are you and your company caught in the Cash Challenge?

Announcements

Bloggertone is teaming up with BizSugar to bring you the Sugartone Sweet Business Blogging Contest. This contest helps give your articles extra online visibility and rewards your social networking. The Sugartone Sweet Business Blogging Contest is an opportunity for you to win prizes to help you promote your business.