WebAppSec/Secure Coding Guidelines: Difference between revisions

m (→‎Contributors: added me)
Line 167: Line 167:
'''Examples of Good Input Validation Approaches'''
'''Examples of Good Input Validation Approaches'''
For each field define the types of acceptable characters and an acceptable number of characters for the input
For each field define the types of acceptable characters and an acceptable number of characters for the input
* Username: Letters, numbers, 3 to 10 characters
* Username: Letters, numbers, certain special characters, 3 to 10 characters
* Firstname: Letters, single apostrophe, 1 to 30 characters
* Firstname: Letters, single apostrophe, dash, 1 to 30 characters
* Simple Zipcode: Numbers, 5 characters
* Simple US Zipcode: Numbers, 5 characters
 
Note: These are just examples to illustrate the idea of whitelist input validation. You'll need to adjust based on the type of input you expect.


===JavaScript vs Server Side Validation===
===JavaScript vs Server Side Validation===
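
Review bot: the revised Username line permits "certain special characters" without naming them, so the example no longer describes an allowlist that a developer could implement or test against. List the exact characters allowed, the way the Firstname line does with "single apostrophe, dash". In that Firstname line it is also unclear whether "single" limits the dash as well as the apostrophe, so state the count for each. The added Note would be stronger if it said that whatever adjustments are made, each field should still end up with an explicit character set and a length range.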