MichaelRiccardi/globitek2

Project 2 - Input/Output Sanitization

Time spent: 6 hours in total

User Stories

The following required functionality is completed:

1. [X] Required: Import the Starting Database

2. [X] Required: Set Up the Starting Code

3. [X] Required: Review code for Staff CMS for Users

4. [X] Required: Complete Staff CMS for Salespeople

  • Required: index.php
  • Required: show.php
  • Required: new.php
  • Required: edit.php

5. [X] Required: Complete Staff CMS for States

  • Required: index.php
  • Required: show.php
  • Required: new.php
  • Required: edit.php

6. [X] Required: Complete Staff CMS for Territories

  • Required: index.php
  • Required: show.php
  • Required: new.php
  • Required: edit.php

7. [X] Required: Add Data Validations

  • Required: Validate that no values are left blank.
  • Required: Validate that all string values are less than 255 characters.
  • Required: Validate that usernames contain only the whitelisted characters.
  • Required: Validate that phone numbers contain only the whitelisted characters.
  • Required: Validate that email addresses contain only whitelisted characters.
  • Required: Add at least 5 other validations of your choosing.

8. [X] Required: Sanitization

  • Required: All input and dynamic output should be sanitized.
  • Required: Sanitize dynamic data for URLs.
  • Required: Sanitize dynamic data for HTML.
  • Required: Sanitize dynamic data for SQL.

9. [X] Required: Penetration Testing

  • Required: Verify form inputs are not vulnerable to SQL injection (SQLi) attacks.
  • Required: Verify query strings are not vulnerable to SQL injection (SQLi) attacks.
  • Required: Verify form inputs are not vulnerable to XSS attacks.
  • Required: Verify query strings are not vulnerable to XSS attacks.
  • Required: List other bugs or security vulnerabilities found.
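As an added illustration of user stories 7 and 8 (example code written for this README, not code from the project's own files), the helpers below show the pattern of whitelist validation on input and context-specific escaping on output; the `$db` mysqli connection, the `salespeople` table and every function name are assumptions.

```php
<?php
// Added example, not the project's code. Assumes a mysqli connection in $db.
// --- Validation (user story 7): reject bad input before it reaches the database ---
function is_blank($v) { return !is_string($v) || trim($v) === ''; } // arrays/null count as blank
function has_length_less_than($v, $max = 255) { return strlen($v) < $max; }

// Whitelists: only characters the field may legitimately contain, anchored with \A ... \z.
function has_valid_username_format($u) { return preg_match('/\A[A-Za-z0-9_]+\z/', $u) === 1; }
function has_valid_phone_format($p)    { return preg_match('/\A[0-9 ()\-]+\z/', $p) === 1; }
function has_valid_email_format($e) {
  return preg_match('/\A[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,}\z/', $e) === 1;
}

function validate_salesperson(array $sp) {
  $errors = [];
  foreach (['first_name', 'last_name', 'email', 'phone'] as $field) {
    $value = $sp[$field] ?? null;
    if (is_blank($value)) {
      $errors[] = "$field cannot be blank.";
    } elseif (!has_length_less_than($value)) {
      $errors[] = "$field must be less than 255 characters.";
    }
  }
  if (!is_blank($sp['phone'] ?? null) && !has_valid_phone_format($sp['phone'])) {
    $errors[] = 'Phone contains characters outside the whitelist.';
  }
  if (!is_blank($sp['email'] ?? null) && !has_valid_email_format($sp['email'])) {
    $errors[] = 'Email contains characters outside the whitelist.';
  }
  return $errors;
}

// --- Sanitization (user story 8): escape for the context the data lands in ---
function h($s) { return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8'); } // HTML text/attributes
function u($s) { return rawurlencode($s); }                                     // URL query values

// SQL: a prepared statement keeps user data out of the query text entirely.
function find_salesperson_by_id(mysqli $db, $id) {
  $stmt = $db->prepare('SELECT id, first_name, last_name, email, phone FROM salespeople WHERE id = ?');
  $stmt->bind_param('i', $id);
  $stmt->execute();
  return $stmt->get_result()->fetch_assoc();
}

// Usage: validate on the way in, escape on the way out (each output context gets its own escaper).
$errors = validate_salesperson($_POST['salesperson'] ?? []);
if (empty($errors)) {
  $sp = find_salesperson_by_id($db, (int) ($_GET['id'] ?? 0));
  echo '<a href="show.php?id=' . u($sp['id']) . '">' . h($sp['first_name']) . '</a>';
}
```

Validation errors are reported and the record is never written, while the escapers are applied only at the point of output so the stored data stays unmodified.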

The following advanced user stories are optional:

  • Bonus: On "public/staff/territories/show.php", display the name of the state.

  • Bonus: Validate the uniqueness of users.username.

  • Bonus: Add a page for "public/staff/users/delete.php".

  • Bonus: Add a Staff CMS for countries.

  • Advanced: Nest the CMS for states inside of the Staff CMS for countries.

Video Walkthrough

Click here for a walkthrough of implemented user stories. (GitHub fails to show this GIF inline.)

GIF created with LiceCap.

License

Copyright 2017 Michael Riccardi

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

About

CodePath Web Security Weeks 2 & 3 Assignment