Question

SIT 218/738: Secure Coding
Distinction task 4.3D: Develop your own injection attack preventions using Hibernate Validator

Objective

Input validation is an important function to prevent many forms of web application attacks. But various business requirements or application functionalities can make input validation a complex task, especially when you need to provide functionality for users to enter comments or fields that accept special characters. In this task you will modify an existing web application by adding more input fields and develop correct validation mechanisms to prevent injection attacks.

Furthermore, input validations can be applied both at the client side and the server side. Client-side validations use HTML code to validate user input and are done in the client's browser, saving server resources. However, a secure application incorporates both client-side and server-side validations to secure the web application. In this task you will incorporate both client-side and server-side input validations.

Overview

In the previous task, we implemented the regex pattern to prevent users from entering scripts or tagged input values in the format '<>' for the 05-coachwebapp-spring web app in your SIT218 VM. This prevented many of the XSS attack input patterns. Now add two additional input fields to the web app "05-coachwebapp-spring" in your SIT218 VM that ask the user to enter their email address and a text area that allows users to send a custom request to the coach.

[Fig. 1: screenshot of the Client Registration Form at localhost:8080/05-coachwebapp-spring/client/showForm in the SIT218 Kali VM, with the fields Name: Bob, Age: 55, Email: bob@domain.com, Message: "This is a custom message to the coach!" and a Submit button]

When the user clicks the Submit button, the email address and the user's message should be displayed as shown below:

[Fig. 2: screenshot of localhost:8080/05-coachwebapp-spring/workout/processForm showing "Bob, please, run for 30 min" followed by: Your message "This is a custom message to the coach!" was received and you will be contacted via your email: bob@domain.com for further information.]

Add the correct input validations with regular expressions to prevent any XSS at both the client side and the server side. The email address should contain appropriate characters such as '@' and 'com', but other special characters should be blocked. The text area should contain a maximum of 200 characters and allow common special characters like (!@#*). Use https://www.geeksforgeeks.org/spring-mvc-textarea/ as a reference for adding the text area to the Spring app. Use https://developer.mozilla.org/en-US/docs/Learn/Forms/Form_validation for client-side HTML validations.

Submission Requirements:

Submit one PDF file containing the following information:
1. The correct regex pattern that blocks these injected data in all the fields
2. Screenshots of the updated app and screenshots showing its correct working along with blocking unexpected characters
3. Updated Client.java code added to the submission document
4. Updated CoachController.java code added to the submission document
5. Updated HTML code which includes client validations added to the submission document

Submission Due

The due date for each task has been stated via its OnTrack task information dashboard.

Fig: 1

Fig: 2
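The server-side half of the task, as an added worked example (this is not the course's solution and not code from the 05-coachwebapp-spring app). It shows a form-backing bean with Hibernate Validator allow-list constraints for the name, age, email and message fields, and a small stand-alone harness that runs the validator over constructed submissions so the regexes can be checked outside Spring. Assumptions: the field names name/age/email/message (taken from the form in the task), the file name ClientValidationDemo.java, Hibernate Validator 7 or later on the classpath (the jakarta.validation namespace; on Hibernate Validator 6 / Spring 5 use javax.validation instead), and Java 11 or later. The regexes are one reasonable answer to the brief, not an official one.

```java
// Added example, not the SIT218 app's own code. File name assumed: ClientValidationDemo.java.
// Needs hibernate-validator 7+ (jakarta namespace; use javax.validation for 6.x) and Java 11+.
import java.util.Set;

import jakarta.validation.ConstraintViolation;
import jakarta.validation.Validation;
import jakarta.validation.Validator;
import jakarta.validation.constraints.*;

import org.hibernate.validator.messageinterpolation.ParameterMessageInterpolator;

// Form-backing bean; in the real app this is Client.java. Field names are assumed from the form.
// Allow-list approach: say what IS permitted, so < > " ' ; \ { } are rejected without listing them.
class Client {
    @NotBlank
    @Pattern(regexp = "^[A-Za-z ]{1,50}$", message = "Name may contain letters and spaces only")
    private String name;

    @Min(1) @Max(120)
    private int age;

    // Local part: letters, digits, . _ % + -   Domain: letters, digits, . -   TLD: 2+ letters.
    // @Email is deliberately not used: Hibernate Validator's @Email accepts quoted local parts and
    // other RFC 5322 forms the task wants blocked. @Pattern must match the whole string.
    @NotBlank
    @Pattern(regexp = "^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}$",
             message = "Email must look like name@domain.com with no other special characters")
    private String email;

    // At most 200 characters; letters, digits, whitespace and the punctuation a request needs.
    // Angle brackets, quotes, semicolons, backslashes and braces are outside the allow-list.
    @NotBlank
    @Size(max = 200, message = "Message must be at most 200 characters")
    @Pattern(regexp = "^[A-Za-z0-9\\s.,!?@#*$%&:()-]*$",
             message = "Message contains a character that is not allowed")
    private String message;

    public String getName() { return name; }
    public void setName(String name) { this.name = name; }
    public int getAge() { return age; }
    public void setAge(int age) { this.age = age; }
    public String getEmail() { return email; }
    public void setEmail(String email) { this.email = email; }
    public String getMessage() { return message; }
    public void setMessage(String message) { this.message = message; }
}

public class ClientValidationDemo {

    // Stand-alone validator. ParameterMessageInterpolator avoids needing a Jakarta EL implementation;
    // inside Spring MVC you do not build this yourself, @Valid on the controller parameter does it.
    static Validator buildValidator() {
        return Validation.byDefaultProvider()
                .configure()
                .messageInterpolator(new ParameterMessageInterpolator())
                .buildValidatorFactory()
                .getValidator();
    }

    static Set<ConstraintViolation<Client>> validate(Validator validator, String name, int age,
                                                     String email, String message) {
        Client client = new Client();
        client.setName(name);
        client.setAge(age);
        client.setEmail(email);
        client.setMessage(message);
        return validator.validate(client);
    }

    static void report(String label, Set<ConstraintViolation<Client>> violations) {
        System.out.println(label + ": " + (violations.isEmpty() ? "ACCEPTED" : "REJECTED"));
        for (ConstraintViolation<Client> v : violations) {
            System.out.println("  " + v.getPropertyPath() + " -> " + v.getMessage());
        }
    }

    public static void main(String[] args) {
        Validator validator = buildValidator();
        // Constructed sample submissions (not captured from the app).
        report("legitimate", validate(validator, "Bob", 55, "bob@domain.com",
                "This is a custom message to the coach! Call me @ 9am #urgent *"));
        report("xss attempt", validate(validator, "Bob", 55, "bob<script>@domain.com",
                "<script>alert(document.cookie)</script>"));
        report("too long", validate(validator, "Bob", 55, "bob@domain.com", "a".repeat(201)));
        report("no tld", validate(validator, "Bob", 55, "bob@localhost", "Hi"));
    }
}
```

Running the harness, the first submission is accepted and the other three are rejected with a violation on email and/or message. To wire the same bean into the Spring app, the CoachController handler takes `@Valid @ModelAttribute("client") Client client, BindingResult bindingResult` and returns the form view when `bindingResult.hasErrors()` is true, which is what surfaces the messages above next to the fields. On the client side the same email regex goes into `pattern="[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"` on an `<input type="email" required>` (browsers anchor `pattern` to the whole value, so `^`/`$` are not needed); note that `pattern` is not honoured on `<textarea>`, so the text area gets `maxlength="200"` and `required`, and a character allow-list there needs a few lines of JavaScript calling `setCustomValidity()`. Two caveats worth stating in the submission: client-side checks are a usability feature only, since anyone can submit the form with curl or with JavaScript disabled, so the Hibernate Validator constraints are the real control; and validation is defence in depth, not a substitute for output encoding. The processForm view echoes the message and email back to the browser, so it must render them through the view technology's escaping output (not raw/unescaped output), otherwise any gap in the regex becomes a reflected XSS.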