Software Security
Hiruna De Alwis
9/10/2023
● Phase I
○ Allow anonymous comments
○ Allow users to enter a name along with the comment, regardless of whether or not they
are logged in to an account
● Phase II
○ Allow users to create accounts. Once they have created an account, they can view and
modify their past comments
○ Allow users to upload a small image with their comment
● Phase III
○ Allow administrative users to view and delete user accounts and moderate comments
ComApp
ComApp: Issues
● Issues found during development
○ Empty comments
○ Lengthy comments
○ Raw database errors shown to the user
■ Attackers use them to learn about your server environment (database product, table names, the failing query)
○ Users can insert scripts and links (cross-site scripting and spam)
○ Customer dissatisfaction
Goals of boundary-condition checks
● Reject any input that seems suspicious
● Ignore input that isn’t what you expected: give the user an error message and
a chance to try again, rather than storing it
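The following is an added example, not code from the original slides: it applies the boundary-condition goals above to a ComApp comment submission (empty and overlong comments are rejected with a message so the user can retry, and a database failure is logged instead of being echoed as a raw error). The field names, length limits, table schema and function names are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added example (not from the original slides). Field names, limits and the
// SQLite schema below are assumptions chosen for illustration.

const MAX_NAME_LEN    = 50;
const MAX_COMMENT_LEN = 1000;

/**
 * Boundary checks for one comment submission.
 * Returns a list of user-facing error messages; an empty list means "accept".
 * Rejecting with a message, instead of silently truncating or storing junk,
 * is what gives the user the chance to try again.
 */
function validateComment(array $input): array
{
    $errors  = [];
    $name    = (string)($input['name'] ?? '');
    $comment = (string)($input['comment'] ?? '');

    // Anything that is not valid UTF-8 "seems suspicious": reject it outright
    // before running any other string function on it.
    if (!mb_check_encoding($name, 'UTF-8') || !mb_check_encoding($comment, 'UTF-8')) {
        return ['Input is not valid UTF-8.'];
    }

    $name    = trim($name);
    $comment = trim($comment);

    if ($comment === '') {
        $errors[] = 'Comment cannot be empty.';
    }
    if (mb_strlen($comment, 'UTF-8') > MAX_COMMENT_LEN) {
        $errors[] = sprintf('Comment is too long (maximum %d characters).', MAX_COMMENT_LEN);
    }
    if (mb_strlen($name, 'UTF-8') > MAX_NAME_LEN) {
        $errors[] = sprintf('Name is too long (maximum %d characters).', MAX_NAME_LEN);
    }
    // Control characters other than tab and newline never come from a real form.
    if (preg_match('/[^\P{C}\t\r\n]/u', $comment) === 1) {
        $errors[] = 'Comment contains unexpected control characters.';
    }

    return $errors;
}

/**
 * Validate, then store. Database failures are logged for operators, but the
 * browser only ever sees a generic message: the raw driver error would reveal
 * the database product, table names and the failing SQL to an attacker.
 */
function handleSubmission(array $post, PDO $db): string
{
    $errors = validateComment($post);
    if ($errors !== []) {
        return "Please fix the following and try again:\n- " . implode("\n- ", $errors);
    }

    try {
        // Prepared statement: the comment text is data, never part of the SQL.
        $stmt = $db->prepare('INSERT INTO comments (name, body) VALUES (:name, :body)');
        $stmt->execute([
            ':name' => trim((string)($post['name'] ?? '')),
            ':body' => trim((string)$post['comment']),
        ]);
        return 'Thanks, your comment was saved.';
    } catch (PDOException $e) {
        error_log('comment insert failed: ' . $e->getMessage());
        return 'Sorry, your comment could not be saved right now. Please try again later.';
    }
}

// Demo with an in-memory SQLite database and constructed inputs.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, name TEXT, body TEXT)');

echo handleSubmission(['name' => 'alice', 'comment' => 'Looks good.'], $db), "\n";
echo handleSubmission(['name' => 'anon', 'comment' => '   '], $db), "\n";                 // empty
echo handleSubmission(['name' => 'anon', 'comment' => str_repeat('x', 2000)], $db), "\n"; // too long

// Simulate a broken database (no comments table): the user sees only the generic message.
$broken = new PDO('sqlite::memory:');
$broken->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo handleSubmission(['name' => 'anon', 'comment' => 'hello'], $broken), "\n";
```

The last call shows the difference between the two error paths: the PDOException text (which names the missing table) goes to the server log through error_log(), while the response to the browser carries no detail about the database at all. The encoding check runs first because mb_strlen() and preg_match() with the /u modifier are not reliable on invalid UTF-8.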
An Error
Error-Handling Mechanism
● If we decide not to allow HTML to be inserted through the application, we can remove it from
the user input
● Are we going to reject the entire message because it contains HTML?
○ That is a design choice
● If not:
○ We can strip the HTML tags
○ strip_tags()
■ PHP function that removes HTML and PHP tags, leaving only the raw text
■ It removes the tags, not the text between them, and it does not encode what remains:
the stored comment must still be escaped with htmlspecialchars() when it is displayed
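The following is an added example, not code from the original slides: it shows both policies the slide describes (reject the whole message, or strip the tags with strip_tags()), the output encoding that is still needed whichever policy is chosen, and the pitfall that strip_tags() keeps attributes on any tag you allow. The function names and the sample comment are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example (not from the original slides): the two policies for HTML in
// a comment, and the encoding still needed when the comment is rendered.
// Function names and the sample input are constructed for illustration.

/** Policy 1: reject the whole message if it contains any markup. */
function containsMarkup(string $text): bool
{
    // If strip_tags() changes the string, there was a tag (HTML, PHP or comment) in it.
    return strip_tags($text) !== $text;
}

/** Policy 2: keep the message but drop the tags, leaving the raw text. */
function stripMarkup(string $text): string
{
    return strip_tags($text);
}

/**
 * Whatever policy was chosen on input, encode on output. strip_tags() leaves
 * '&' and quote characters alone, and comments stored before the filter
 * existed may still contain markup, so the page must not trust stored text.
 */
function renderComment(string $stored): string
{
    return '<p>' . htmlspecialchars($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// Constructed input with a javascript: link, an event handler and a script tag.
$input = 'Nice post <a href="javascript:alert(1)" onclick="alert(2)">link</a> <script>alert(3)</script>';

// Policy 1: the message is rejected as a whole.
var_dump(containsMarkup($input));

// Policy 2: tags are removed, but the text inside them (including "alert(3)") is kept.
var_dump(stripMarkup($input));

// Pitfall: allowing a tag keeps all of its attributes, so the javascript: href and
// the onclick handler survive. strip_tags() is a tag filter, not an HTML sanitizer.
var_dump(strip_tags($input, '<a>'));

// Safe rendering: of the stripped text, and of the original if it was stored as-is.
echo renderComment(stripMarkup($input)), "\n";
echo renderComment($input), "\n";
```

Running this shows why the slide's "it is your choice" is a real decision: policy 1 loses the whole message on a stray tag, policy 2 keeps the inner text of a script element as harmless prose, and the allowed-tags form of strip_tags() keeps `href="javascript:..."` and `onclick` untouched. If a subset of HTML must be allowed, a purpose-built sanitizer such as HTML Purifier is needed; in every case the comment is encoded with htmlspecialchars() at render time, so even unfiltered stored text cannot execute.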
Spammers
Erroneous data
Thanks!
Contact:
Hiruna De Alwis
hiruna@effectivesolutions.lk