SIT 218/738: Secure coding
Distinction task 4.3D: Develop your own injection attack preventions using
Input validation is an important function for preventing many forms of web application attack.
But various business requirements or application functionalities can make input validation a
complex task, especially when you need to provide functionality for users to enter
comments, or fields that accept special characters. In this task you will modify an existing web
application by adding more input fields and develop correct validation mechanisms to prevent
injection attacks. Furthermore, input validation can be applied both at the client side and at the
server side. Client-side validation uses HTML form attributes (for example type, required, maxlength
and pattern) and is done in the client's browser, saving server resources and giving the user
immediate feedback. However, anything done in the browser can be bypassed by a user who edits the
page, disables JavaScript or replays the request through a proxy, so a secure application
incorporates both client-side and server-side validation, with the server-side check being the one
that actually protects the application. In this task you will incorporate both client-side and
server-side input validation.
In the previous task, we implemented a regex pattern to prevent users from entering scripts or
tagged input values in the '<>' format for the 05-coachwebapp-spring web app in your SIT218 VM. This
prevented many of the XSS attack input patterns.
Now add two additional input fields to the web app 05-coachwebapp-spring in your SIT218 VM that
ask the user to enter their email address and a text area that allows users to send a custom request to
[Screenshot: the Client Registration Form of 05-coachwebapp-spring open in the SIT218 VM's browser, with the new text area filled in with "This is custom message to the coach!"]
When the user clicks the Submit button, the email address and the user's message should be displayed as
shown below:
[Screenshot: the result page in the SIT218 VM's browser, showing the line "Bob, please, run for 30 min" and the confirmation text: Your message "This is a custom message to the coach!" was received and you will be contacted via your email: firstname.lastname@example.org for further information.]
Add the correct input validations, using regular expressions, to prevent any XSS at both the client side
and the server side. The email address should contain appropriate characters such as '@' and 'com', but
other special characters should be blocked. The text area should accept at most 200 characters
and allow common special characters like (!@#*). Write each expression as an allowlist of the
characters that are permitted rather than a blocklist of dangerous ones, so that '<' and '>' can
never get through, and use the same expression on both sides so that the browser and the server
agree on what is valid.
Use https://www.geeksforgeeks.org/spring-mvc-textarea/ as a reference for adding the text area
to the Spring app. Use https://developer.mozilla.org/en-US/docs/Learn/Forms/Form_validation
as a reference for client-side HTML validation.
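The following is an added example of the server-side half of the task, written for this page and not taken from the 05-coachwebapp-spring app or the unit's solution. It uses only java.util.regex, so it runs stand-alone (Java 11 or later) and shows on constructed inputs which values the two new fields should accept and reject. The class name InputValidation, the helper names and the exact character set of the message expression are assumptions; the task only fixes the 200-character limit and the example characters (!@#*). The email expression accepts any top-level label of two or more letters, which covers "com"; narrow it to com if the marking requires that literally.

```java
import java.util.List;
import java.util.regex.Pattern;

// Added example (not the course's 05-coachwebapp-spring code): server-side
// allowlist validation for the two new fields, using java.util.regex only.
// The same expressions are meant to be mirrored in the HTML form's
// pattern/maxlength attributes and in @Pattern/@Size on the Client model.
public final class InputValidation {

    // Email: local part of letters, digits, '.', '_' and '-', one '@', a domain of
    // letters, digits, '.' and '-', and a top-level label of 2+ letters (e.g. "com").
    // '<', '>', quotes, spaces and every other character are rejected.
    static final Pattern EMAIL = Pattern.compile(
            "^[A-Za-z0-9._-]+@[A-Za-z0-9-]+(?:\\.[A-Za-z0-9-]+)*\\.[A-Za-z]{2,}$");

    // Message: 1..200 characters drawn from letters, digits, space and the common
    // punctuation the task allows (!@#* plus . , ? ' ( ) -). '<', '>' and '"' are
    // deliberately absent, so tags and attribute break-outs can never pass.
    static final Pattern MESSAGE = Pattern.compile(
            "^[A-Za-z0-9 .,!?'@#*()\\-]{1,200}$");

    static boolean isValidEmail(String email) {
        // matches() requires the whole value to match, not just a prefix
        return email != null && EMAIL.matcher(email).matches();
    }

    static boolean isValidMessage(String message) {
        return message != null && MESSAGE.matcher(message).matches();
    }

    // Demonstration on constructed inputs: what the controller should accept or reject.
    public static void main(String[] args) {
        List<String> emails = List.of(
                "firstname.lastname@example.org",      // valid
                "bob@coach.com",                       // valid
                "bob@coach",                           // no top-level label
                "<script>@evil.com",                   // tag characters
                "bob@x.com\"><img src=x onerror=1>");  // attribute break-out attempt
        for (String e : emails) {
            System.out.printf("email   %-40s -> %s%n", e, isValidEmail(e) ? "accept" : "reject");
        }
        List<String> messages = List.of(
                "This is a custom message to the coach!",      // valid
                "Run for 30 min, please (Bob)? #training *!",  // valid punctuation
                "a".repeat(200),                               // exactly at the limit
                "<script>alert(1)</script>",                   // tags rejected
                "say \"hi\" to the coach",                     // double quotes rejected
                "a".repeat(201));                              // one character too long
        for (String m : messages) {
            System.out.printf("message %-40s -> %s%n", m, isValidMessage(m) ? "accept" : "reject");
        }
    }
}
```

In the Spring app the same two expressions belong on the Client model fields (for example @Pattern(regexp = "...") with @Size(max = 200) on the message, checked with @Valid and a BindingResult in the controller), and in the form as pattern="..." with maxlength="200", required and type="email". Current browsers compile the pattern attribute in Unicode set mode, where ( ) and - must be escaped inside a character class, so write the message class as [A-Za-z0-9 .,!?'@#*\(\)\-] there. Keep in mind that this allowlist is input validation, not output encoding: when the message and email are echoed back on the result page they should still go through an escaping view expression such as th:text, so that a future relaxation of the regex cannot turn the echo into an XSS sink.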
Submit one PDF file containing the following information:
1. The correct regex pattern that blocks these injected data in all the fields
2. Screenshot of the updated app and screenshots showing its correct working along with
blocking unexpected characters.
3. Updated Client.java code added to the submission document.
4. Updated CoachController.java code added to the submission document.
5. Updated HTML code which includes client validations added to the submission document.
The due date for each task has been stated via its OnTrack task information dashboard.