Start time:
This activity explores input validation and the mitigation of input validation errors.
You may find it easier to sketch some answers on a separate piece of paper, and use that to come up with your report.
Before you start, complete the form below to assign a role to each member.
If you have 3 people, combine Manager & Reflector.
Time: / Date:
Team Roles / Team Member
Recorder: records all answers & questions, and provides copies to team & facilitator (instructor)
Speaker: talks to facilitator and other teams
Manager: keeps track of time and makes sure everyone contributes appropriately
Reflector: considers how the team could work and learn more effectively
Activity on Input Validation
Activity 1: Input Validation Basics (20 minutes)
Any program input, such as a user typing at a keyboard, a file, or a network connection, can be the source of security vulnerabilities and disastrous bugs. All input should be treated as potentially dangerous. Determined attackers can use carefully crafted input to cause programs to run unauthorized commands. This technique can be used to delete or damage data, run malicious programs, or obtain sensitive information. There are many types of data checks. First, type checks: is the value alphabetic or numeric? Second, length checks: for example, a phone number must be limited to exactly 10 digits, no more and no less. Third, range checks: for example, the month value should go from 1 to 12, and the date value should go from 1 to 31. Then there are reasonability checks: for example, the age value cannot be negative. Divide-by-zero checks and format checks are also important for input validation.
Critical Thinking Questions:
1. Read the following examples of occurrence and discuss how attackers run unauthorized programs.
- In December 2005, a Japanese securities trader made a $1 billion typing error, when he mistakenly sold 600,000 shares of stock at 1 yen each instead of selling one share for 600,000 yen. A few lines of code may have averted this error. Fat fingered typing costs a trader’s bosses £128m.
- Web applications are highly vulnerable to input validation errors. Inputting the invalid entry "!@#$%^&*()" on a vulnerable e-commerce site may cause performance issues or denial of service, and invalid passwords such as "pwd'" or "1=1-- " may result in unauthorized access.
- A Norwegian woman mistyped her account number on an internet banking system. Instead of typing her 11-digit account number, she accidentally typed an extra digit, for a total of 12 numbers. The system discarded the extra digit, and transferred $100,000 to the (incorrect) account. A simple dialog box informing her that she had typed too many digits would have helped avoid this expensive error.
2. Read the code example below, find its vulnerability, and answer the following questions.
import java.util.*;

public class Testscore {
    public static void main(String[] args) {
        Scanner console = new Scanner(System.in);
        System.out.println("Enter test score");
        // Read the score as an integer and map it to a letter grade
        int testScore = console.nextInt();
        if (testScore >= 90)
            System.out.println("Your grade is A");
        else if (testScore >= 80)
            System.out.println("Your grade is B");
        else if (testScore >= 70)
            System.out.println("Your grade is C");
        else if (testScore >= 60)
            System.out.println("Your grade is D");
        else
            System.out.println("Your grade is F");
    }
}
This code fails to check for negative test scores or for test scores above 100.
The following are sources of input for programs:
Keyboard
Network
File
"Evil" input can occur from an error made by the user:
True
False
3. Code Responsibly
Check all input: Below is a partial list of some checks to include:
Length check: variables are checked to ensure they are the appropriate length, for example, a US telephone number has 10 digits.
Range check: numbers are checked to ensure they are within a range of possible values; for example, the value for month should lie between 1 and 12.
Reasonable check: values are checked for their reasonableness; for example: (age > 16) & (age < 100)
Divide by zero check: variables are checked for values that might cause problems such as division by zero.
Format check: data are checked to ensure they are in a specified format (template); for example, dates have to be in the format DD/MM/YYYY.
Recover appropriately: A robust program will respond to invalid input in a manner that is appropriate, correct, and secure. When your program runs across invalid input, it should recover as much as possible, and then repeat the request, or otherwise continue on. Arbitrary decisions such as truncating or otherwise reformatting data to "make it fit" should be avoided.
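One way to apply the checks and the "recover appropriately" guidance above to the Testscore program, as an added example that is not part of the original activity. The class name ValidatedTestscore, the helper names, the 0 to 100 bounds expressed as constants, and the sample input are assumptions made for illustration.

```java
import java.util.Scanner;

public class ValidatedTestscore {
    static final int MIN_SCORE = 0;
    static final int MAX_SCORE = 100;

    // Re-prompts until a whole number in [MIN_SCORE, MAX_SCORE] is entered.
    // Nothing is truncated or "made to fit": bad input is refused and asked for again.
    static int readScore(Scanner in) {
        while (true) {
            System.out.println("Enter test score (" + MIN_SCORE + "-" + MAX_SCORE + ")");
            if (!in.hasNextLine()) {
                throw new IllegalStateException("input ended before a valid score was read");
            }
            String line = in.nextLine().trim();
            // Type, length and format check: one to three digits and nothing else,
            // so "abc", "-5", "8 7" and "1000" never reach parseInt.
            if (!line.matches("[0-9]{1,3}")) {
                System.out.println("Invalid input: enter a whole number using digits only.");
                continue;
            }
            int score = Integer.parseInt(line); // cannot overflow: at most 3 digits
            // Range check
            if (score < MIN_SCORE || score > MAX_SCORE) {
                System.out.println("Out of range: the score must be between 0 and 100.");
                continue;
            }
            return score;
        }
    }

    static char grade(int score) {
        if (score < MIN_SCORE || score > MAX_SCORE) {
            throw new IllegalArgumentException("score out of range: " + score);
        }
        if (score >= 90) return 'A';
        if (score >= 80) return 'B';
        if (score >= 70) return 'C';
        if (score >= 60) return 'D';
        return 'F';
    }

    public static void main(String[] args) {
        // Constructed sample input; use new Scanner(System.in) for interactive use.
        Scanner console = new Scanner("abc\n-5\n1000\n105\n87\n");
        System.out.println("Your grade is " + grade(readScore(console)));
    }
}
```

Reading the whole line and validating it as text also avoids the InputMismatchException that nextInt() throws on non-numeric input.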
Which of the following inputs should be checked for reasonableness?
age
first name
city
item price
Which of the following inputs would require a specific template or format to be appropriate?
social security number
national debt
telephone number
birth date
Activity 2: Mitigations of Input Validation Error (30 minutes)
Critical Thinking questions:
1. Look at the program below and discuss which variable should be validated and what you should check for. Could integer overflow occur for the variable total?
import java.util.*;

public class WhileEx {
    public static void main(String[] args)
    {
        Scanner console = new Scanner(System.in);
        int age;
        int total = 0;
        System.out.println("Please enter 10 ages: ");
        // Sum ten ages exactly as entered
        for (int i = 0; i < 10; i++)
        {
            age = console.nextInt();
            total = total + age;
        }
        System.out.println("average age is " + (float)total/10);
    }
}
Discussion and Conclusion
Input validation is performed to ensure only properly formed data is entering the workflow in an information system, preventing malformed data from persisting in the database and triggering malfunction of various downstream components. Input validation should happen as early as possible in the data flow, preferably as soon as the data is received from the external party.
Data from all potentially untrusted sources should be subject to input validation, including not only Internet-facing web clients but also backend feeds over extranets, from suppliers, partners, vendors or regulators, each of which may be compromised on their own and start sending malformed data.
Input validation should be applied at both the syntactic and the semantic level. Syntactic validation should enforce correct syntax of structured fields (e.g. SSN, date, currency symbol), while semantic validation should enforce correctness of their values in the specific business context (e.g. start date is before end date, price is within expected range).
It is always recommended to prevent attacks as early as possible in the processing of the user’s (attacker's) request. Input validation can be used to detect unauthorized input before it is processed by the application.
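The syntactic and semantic levels described above, shown as an added example that is not part of the original activity. The class BookingValidator, its field names, the price limits and the sample rows are assumptions made for illustration; the code needs Java 11 or later.

```java
import java.math.BigDecimal;
import java.time.LocalDate;
import java.time.format.*;
import java.util.Optional;

public class BookingValidator {
    // STRICT refuses impossible dates such as 31/02/2024 instead of adjusting them to fit
    private static final DateTimeFormatter DMY =
        DateTimeFormatter.ofPattern("dd/MM/uuuu").withResolverStyle(ResolverStyle.STRICT);
    private static final BigDecimal MIN_PRICE = new BigDecimal("0.01");     // assumed limit
    private static final BigDecimal MAX_PRICE = new BigDecimal("10000.00"); // assumed limit

    // Syntactic: DD/MM/YYYY that names a real calendar date
    static Optional<LocalDate> parseDate(String s) {
        if (s == null || !s.matches("[0-9]{2}/[0-9]{2}/[0-9]{4}")) return Optional.empty();
        try {
            return Optional.of(LocalDate.parse(s, DMY));
        } catch (DateTimeParseException e) {
            return Optional.empty();
        }
    }

    // Syntactic: plain decimal with exactly two fraction digits, no sign or exponent
    static Optional<BigDecimal> parsePrice(String s) {
        if (s == null || !s.matches("[0-9]{1,7}\\.[0-9]{2}")) return Optional.empty();
        return Optional.of(new BigDecimal(s));
    }

    // Returns "ok" or the reason for rejection; semantic rules run only on well-formed fields
    static String validate(String start, String end, String price) {
        Optional<LocalDate> from = parseDate(start), to = parseDate(end);
        Optional<BigDecimal> amount = parsePrice(price);
        if (from.isEmpty() || to.isEmpty()) return "syntax: date must be a real DD/MM/YYYY date";
        if (amount.isEmpty()) return "syntax: price must look like 123.45";
        if (!from.get().isBefore(to.get())) return "semantic: start date must be before end date";
        if (amount.get().compareTo(MIN_PRICE) < 0 || amount.get().compareTo(MAX_PRICE) > 0)
            return "semantic: price outside expected range";
        return "ok";
    }

    public static void main(String[] args) {
        String[][] rows = { // constructed sample rows: start date, end date, price
            {"01/03/2024", "05/03/2024", "199.99"}, {"31/02/2024", "05/03/2024", "199.99"},
            {"05/03/2024", "01/03/2024", "199.99"}, {"01/03/2024", "05/03/2024", "0.00"} };
        for (String[] r : rows)
            System.out.println(String.join(", ", r) + " -> " + validate(r[0], r[1], r[2]));
    }
}
```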
Critical thinking questions:
a. How can SQL injection attacks be prevented by validating user input?
b. How can an attacker bypass the validation form on a webpage and save inappropriate data to the database? (Think about the technique of form submission and the POST/GET methods.)
References:
Cybersecurity Modules: Security Injections|Cyber4All @Towson