A particular web application operation accepts an image upload. The logged in user provides a
user ID, an image name, a brief description and image preferred size (height and width). Explain
what checks the server-side function should perform (in general terms, code is not needed)
before attempting to process the submission.
Provide an example of activity logging that would require additional security concerns to be
addressed and why.
Explain a coding technique that can be used to protect against Cross-Site Scripting
vulnerabilities.
Explain a coding technique that can be used to protect against SQL injection.
Explain how the ViewState field or a CSRF token helps protect against Cross-Site Request
Forgery.
Solution
Before doing any work with the submission, the server-side function should check that:
1. The request comes from an authenticated session, and the submitted user ID matches the user of that session (or the caller is explicitly authorized to act for that user). A client-supplied user ID must never be trusted on its own, otherwise one user can upload images into another user's account.
2. Every required field is present and non-null, and each has the expected type.
3. The image name and description are within length limits and contain only allowed characters. The name in particular may later end up in a file path, a database query or rendered HTML, so it should be validated against an allow-list rather than simply stored.
4. The preferred height and width are integers within sensible bounds: not negative, zero, enormous or non-numeric, since they will drive memory allocation when the image is resized.
5. The uploaded file does not exceed the size limit and really is an image of an accepted type. This is checked by inspecting the content (magic bytes and a decode with an image library), not by trusting the file extension or the client-supplied Content-Type header.
6. The stored file gets a server-generated name and location rather than the user-supplied name.
If any check fails, the server should reject the submission, record the specific reason in its own log, and return a generic message that a non-technical user can understand and that reveals no internal details (no stack traces, paths or query text).
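The question asks for the checks in general terms only; the following is an added example, not part of the original answer, that puts them into one Python function. The size and length limits, the field names, the accepted formats (PNG, JPEG, GIF by magic bytes) and the sample submissions are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Policy limits: assumed values for this example, tune them per application.
MAX_NAME_LEN = 64
MAX_DESC_LEN = 500
MAX_FILE_BYTES = 5 * 1024 * 1024
MIN_DIM, MAX_DIM = 1, 4096
NAME_RE = re.compile(r"^[A-Za-z0-9 _.-]+$")   # no slashes, quotes or angle brackets

# Content sniffing by magic bytes for the only formats accepted (assumed set).
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


@dataclass
class Upload:
    """The raw submission as received from the client; every field is untrusted."""
    user_id: object
    name: object
    description: object
    width: object
    height: object
    data: bytes


class ValidationError(ValueError):
    """Carries the internal reason; it is logged, never shown to the user."""


def sniff_format(data: bytes) -> Optional[str]:
    for magic, fmt in MAGIC.items():
        if data.startswith(magic):
            return fmt
    return None


def parse_dimension(value: object, field: str) -> int:
    # Accept only plain decimal integers: rejects bools, floats, "1e9", "0x10", "", "12px".
    if isinstance(value, bool) or not isinstance(value, (int, str)):
        raise ValidationError(f"{field} has wrong type")
    try:
        n = int(str(value).strip())
    except ValueError:
        raise ValidationError(f"{field} is not an integer")
    if not MIN_DIM <= n <= MAX_DIM:
        raise ValidationError(f"{field} out of range")
    return n


def validate_upload(session_user_id: str, u: Upload) -> dict:
    # 1. Authorization: the user ID in the form must match the authenticated session.
    if u.user_id != session_user_id:
        raise ValidationError("user_id does not match session")
    # 2. Presence and type of the text fields.
    for field in ("name", "description"):
        v = getattr(u, field)
        if not isinstance(v, str) or not v.strip():
            raise ValidationError(f"{field} missing")
    # 3. Length limits and an allow-list for the name (it may reach a path, a query or HTML).
    if len(u.name) > MAX_NAME_LEN or not NAME_RE.match(u.name):
        raise ValidationError("image name rejected")
    if len(u.description) > MAX_DESC_LEN:
        raise ValidationError("description too long")
    # 4. Dimensions are bounded integers.
    width = parse_dimension(u.width, "width")
    height = parse_dimension(u.height, "height")
    # 5. File size, then the real content type by magic bytes, not extension or Content-Type.
    if not u.data or len(u.data) > MAX_FILE_BYTES:
        raise ValidationError("file empty or too large")
    fmt = sniff_format(u.data)
    if fmt is None:
        raise ValidationError("not an accepted image format")
    return {"user_id": session_user_id, "name": u.name, "description": u.description.strip(),
            "width": width, "height": height, "format": fmt}


GENERIC_MESSAGE = "The image could not be uploaded. Please check the form and try again."


def handle_upload(session_user_id: str, u: Upload):
    """Returns (accepted, result): the cleaned fields on success, the generic
    user-facing message on failure. The precise reason goes to the server log only."""
    try:
        return True, validate_upload(session_user_id, u)
    except ValidationError as exc:
        print(f"[server log] upload by {session_user_id} rejected: {exc}")
        return False, GENERIC_MESSAGE


if __name__ == "__main__":
    # Constructed sample submissions.
    png_bytes = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
    print(handle_upload("u42", Upload("u42", "cat.png", "my cat", "640", 480, png_bytes)))
    print(handle_upload("u42", Upload("u7", "cat.png", "my cat", 640, 480, png_bytes)))  # tampered user ID
    print(handle_upload("u42", Upload("u42", "cat.png", "x", 10, 10, b"not really an image")))
```

The order matters: the cheap authorization and presence checks run before anything touches the file bytes, and the file is sniffed before any decoder is invoked on it. In a real service the accepted formats would additionally be decoded and re-encoded by an image library so that only pixel data, not the original bytes, is ever stored or served.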
Provide an example of activity logging that would require additional security concerns to be
addressed and why.
Being secure is not a sometimes thing, but an ongoing process. You aren't secure because you
use a particular tool; you are secure because you apply a security mindset every day. Logging is
a good example: as soon as activity is recorded, the log itself becomes an asset that has to be
protected, and the act of writing it can introduce new weaknesses.
Take the audit log for the image upload above, which records the user ID, image name and
description of every submission, or a login log that records every failed attempt. Each raises
additional concerns:
1. Log injection. The image name and description are attacker-controlled. Written to the log
unfiltered, a value containing a newline can forge an extra entry (for example a fake successful
login by an administrator), and a value containing HTML can execute as script in a web-based log
viewer. Control characters must be stripped or encoded and the length capped before writing.
2. Secrets and personal data. A login log must never record the password that was entered (a
failed attempt is often a valid password with a typo), nor session identifiers or CSRF tokens.
Personal data in the log is subject to the same access and retention rules as the database.
3. Protection of the log itself. It must be readable only by authorized staff, written to
append-only or remote storage so an attacker who compromises the server cannot erase their
tracks, and monitored so that a flood of entries cannot fill the disk or hide a real incident.
Explain a coding technique that can be used to protect against Cross-Site Scripting
vulnerabilities.
1. Contextual output encoding. Every piece of untrusted data is encoded for the context it is
written into at the moment of output: HTML entity encoding for element content, attribute
encoding inside quoted attributes, URL encoding in query strings, JavaScript encoding inside
scripts. The browser then treats the data as text rather than markup. This is the primary
defence; use the framework's encoding functions rather than hand-written replacements.
2. Safely validating untrusted HTML input. If users are allowed to submit HTML, pass it through
an allow-list sanitizer that keeps a known set of tags and attributes, instead of trying to
block known-bad patterns.
3. Cookie security. Mark the session cookie HttpOnly so script injected through an XSS cannot
read it, and Secure so it is only sent over HTTPS.
4. Restricting scripts. A Content-Security-Policy header that disallows inline scripts and
limits the allowed script sources limits what an injected payload can do even if encoding was
missed somewhere.
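As an added example, not part of the original answer, the Python below renders the image name and description from the upload scenario in three contexts, showing the vulnerable concatenation next to the encoded form. The payloads and the cookie name are constructed for illustration.

```python
import html
from urllib.parse import quote

# Constructed payloads an attacker might submit as the image name or description.
BODY_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = '" onerror="alert(1)'


def render_unsafe(name: str, description: str) -> str:
    """VULNERABLE: untrusted text concatenated straight into the page."""
    return f"<h2>{name}</h2><p>{description}</p>"


def render_safe(name: str, description: str) -> str:
    """Element-content context: HTML entity encode at the point of output."""
    return f"<h2>{html.escape(name)}</h2><p>{html.escape(description)}</p>"


def img_tag_safe(name: str, alt: str) -> str:
    """Attribute context: always quote the attribute and encode quotes inside it;
    the path segment is percent-encoded so it cannot break out of the URL."""
    return f'<img src="/images/{quote(name, safe="")}" alt="{html.escape(alt, quote=True)}">'


def link_safe(name: str) -> str:
    """URL-parameter context: percent-encoding also neutralizes & and #."""
    return f'<a href="/image?name={quote(name, safe="")}">view</a>'


def session_cookie_header(session_id: str) -> str:
    """Cookie security: HttpOnly keeps injected script from reading the session,
    Secure restricts it to HTTPS, SameSite limits cross-site sending."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    print(render_unsafe(BODY_PAYLOAD, "x"))     # script tag reaches the browser intact
    print(render_safe(BODY_PAYLOAD, "x"))       # &lt;script&gt; is displayed as text
    print(img_tag_safe("cat.png", ATTR_PAYLOAD))
    print(link_safe("a&b#c"))
    print(session_cookie_header("s3ss10n"))
```

Note that the same input needs a different encoder per context; `html.escape` is correct inside element content and quoted attributes but not inside a `<script>` block or an unquoted attribute, which is why frameworks provide context-specific helpers.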
Explain a coding technique that can be used to protect against SQL injection.
1. Prepared statements (parameterized queries). The query text with placeholders is sent to the
database separately from the values, so the values are bound as data and can never change the
structure of the query. The use of prepared statements with variable binding is how all
developers should first be taught how to write database queries.
2. Stored procedures. These give the same protection as prepared statements, provided the
procedure itself does not build dynamic SQL from its arguments.
3. Allow-list input validation. For parts of a query that cannot be bound as parameters, such
as table names, column names and sort direction, accept only values from a fixed allow-list.
4. Least privilege. The database account the application uses should have only the rights it
needs (no DROP, no access to other schemas), so an injection that does get through does less
damage.
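The following Python, added here and not part of the original answer, uses an in-memory SQLite table of uploaded images to show points 1, 3 and 4 side by side: a query built by string formatting is defeated by a classic `' OR '1'='1` value, the parameterized version of the same query is not, an ORDER BY column that cannot be bound comes from an allow-list, and a query-only mode stands in for a least-privilege database account. The table, its rows and the payload are constructed for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table with rows belonging to two different users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE images (id INTEGER PRIMARY KEY, user_id TEXT, name TEXT, description TEXT)")
    conn.executemany(
        "INSERT INTO images (user_id, name, description) VALUES (?, ?, ?)",
        [("u42", "cat.png", "my cat"), ("u42", "dog.png", "my dog"), ("u7", "private.png", "not yours")],
    )
    conn.commit()
    return conn


def find_image_vulnerable(conn, user_id: str, name: str):
    """VULNERABLE: values are spliced into the query text, so they can change its structure."""
    sql = f"SELECT user_id, name FROM images WHERE user_id = '{user_id}' AND name = '{name}'"
    return conn.execute(sql).fetchall()


def find_image_safe(conn, user_id: str, name: str):
    """Prepared statement: placeholders in the text, values bound separately as data."""
    sql = "SELECT user_id, name FROM images WHERE user_id = ? AND name = ?"
    return conn.execute(sql, (user_id, name)).fetchall()


# Identifiers cannot be bound as parameters, so the sort key maps through an allow-list.
ALLOWED_SORT = {"name": "name", "newest": "id DESC"}


def list_images_sorted(conn, user_id: str, sort_key: str):
    if sort_key not in ALLOWED_SORT:
        raise ValueError("unsupported sort key")
    sql = f"SELECT name FROM images WHERE user_id = ? ORDER BY {ALLOWED_SORT[sort_key]}"
    return [row[0] for row in conn.execute(sql, (user_id,)).fetchall()]


def restrict_to_read_only(conn) -> None:
    """Least privilege, SQLite style: a real server would use a DB account that has only
    SELECT on the needed tables; here the connection is put into query-only mode."""
    conn.execute("PRAGMA query_only = 1")


def delete_all_blocked(conn) -> bool:
    """Returns True if the read-only restriction stopped a destructive statement."""
    try:
        conn.execute("DELETE FROM images")
        return False
    except sqlite3.OperationalError:
        return True


INJECTION = "x' OR '1'='1"   # constructed payload: WHERE ... AND name = 'x' OR '1'='1'


if __name__ == "__main__":
    conn = make_db()
    print(find_image_vulnerable(conn, "u42", INJECTION))   # every row, including u7's
    print(find_image_safe(conn, "u42", INJECTION))         # [] : no image has that literal name
    print(list_images_sorted(conn, "u42", "newest"))
    restrict_to_read_only(conn)
    print(delete_all_blocked(conn))
```

The vulnerable function leaks another user's row because the injected `OR` rewrites the WHERE clause; the safe function returns nothing because the whole payload is compared as a literal name. Real database servers offer the equivalent of the last step through account grants, which is where least privilege should actually be enforced.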
Explain how the ViewState field or a CSRF token helps protect against Cross-Site Request
Forgery.
A CSRF attack works because the browser automatically attaches the victim's session cookie to
a request that an attacker's page triggers, so the server cannot tell the forged request from a
genuine one. A CSRF token adds a second value that the attacker's page cannot supply: an
unpredictable token, generated by the server and tied to the user's session, is embedded as a
hidden field in every form that performs a state-changing operation (for AJAX requests it is
sent in a custom header instead). The same-origin policy prevents the attacker's page from
reading the token out of the victim's copy of the form, so the forged request arrives without
it. The server rejects the requested action if the CSRF token is missing or fails validation.
State-changing operations should use POST; if one must happen via GET the token can be carried
in the URL, but that exposes it in browser history, proxy logs and Referer headers, so it is a
last resort.
In ASP.NET Web Forms the ViewState field plays the same role when ViewStateUserKey is set: the
ViewState is protected by a MAC, and setting ViewStateUserKey to a per-user value (typically the
session ID) folds that value into the MAC, so a ViewState the attacker captured from their own
session does not validate when replayed inside the victim's session. Without ViewStateUserKey,
ViewState alone does not prevent CSRF, because the attacker can load the page themselves and
copy a perfectly valid ViewState into the forged form.
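To make the token mechanism concrete, here is an added Python example (not part of the original answer, and not ASP.NET's ViewState implementation): a token consisting of a random nonce plus an HMAC over the session ID and nonce, embedded in a delete-image form and checked by the handler in constant time. The server secret, session identifiers, route and form field names are assumptions for this illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumption: a per-deployment secret loaded from configuration; generated here so the
# example runs stand-alone.
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token = random nonce + HMAC(secret, session_id || nonce). Binding the MAC to the
    session means a token the attacker obtained in their own session is useless against
    the victim's, and the nonce makes each token unpredictable."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: Optional[str]) -> bool:
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)   # constant-time comparison


def render_delete_form(session_id: str, image_id: str) -> str:
    """The token travels as a hidden field. The attacker's page cannot read it because
    the same-origin policy stops it reading the victim's copy of this form.
    image_id is server-supplied here; user-controlled values would need HTML encoding."""
    return (
        '<form method="POST" action="/image/delete">'
        f'<input type="hidden" name="csrf_token" value="{issue_csrf_token(session_id)}">'
        f'<input type="hidden" name="image_id" value="{image_id}">'
        '<button>Delete</button></form>'
    )


def handle_delete_image(session_id: str, method: str, form: dict):
    """Server side of the state-changing operation: POST only, valid token required."""
    if method != "POST":
        return 405, "state-changing operations must use POST"
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        return 403, "CSRF token missing or invalid"
    return 200, f"deleted image {form['image_id']}"


if __name__ == "__main__":
    victim = "session-of-victim"
    token = issue_csrf_token(victim)
    print(handle_delete_image(victim, "POST", {"csrf_token": token, "image_id": "3"}))
    # Forged request from an attacker's page: the cookie comes along, the token does not.
    print(handle_delete_image(victim, "POST", {"image_id": "3"}))
    # A token the attacker minted in their own session does not validate for the victim.
    print(handle_delete_image(victim, "POST",
                              {"csrf_token": issue_csrf_token("session-of-attacker"), "image_id": "3"}))
```

Because the token is derived from the session ID rather than stored, the server needs no per-form state; the trade-off is that any token issued during the session stays valid until the session ends, which is acceptable for most applications and is the reason the session cookie itself must be protected (HttpOnly, Secure).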