I added allfiles
final-project-submission-template.docx
assignment-submission-3-by-monique-may1.docx
secure-coding-practices-examples-with-python-example-1.pdf
assignment-3-instructions1.pdf
final-project-submission-template.docx
Final Project Report Template
1. Screenshot of your username input from keyboard
[attach your screenshot of the code (where it shows you haven't hardcoded the credentials) & an example of you typing in the credentials (7 points)]
2. Screenshot of your count_rows() method with Error Handling and Logging
[attach your screenshot of the code (the whole method) & an example of your logfile (7 points)]
3. Use at least 100 words to explain how error handling, logging, and taking the account info and password as user input make the app more secure
(3 points)
4. Screenshot of the Bandit running command and report for the whole project
This screenshot must show the number of lines in your final project in the Bandit results (3 points)
assignment-submission-3-by-monique-may1.docx
Assignment Submission 3 – Monique May
Step 3.1. Add user “test_yourname”, and check that it was added successfully.
[attach your screenshot to prove you have successfully added user “test”] (1 point)
Step 3.2. Make your is_admin() method safe
[attach your screenshot of your is_admin() method] (2 points)
[attach your screenshot of your result for is_admin('test') and is_admin("'; select true; --")] (2 points)
Step 3.3. Create a secure count_rows() method
Step 3.3.1 [attach your screenshot of the libraries you need to import, only the ones imported in your code] (1 point)
Step 3.3.2 [attach your screenshot of count_rows() method] (2 points)
Step 3.3.3 [attach your screenshot of the query results:
count_rows('users', 1)
count_rows('users', 10)
count_rows("(select 1) as foo; update users set admin = true where name = 'test'; --", 1)
] (2 points)
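One way to build the is_admin() and count_rows() methods asked for in Steps 3.2 and 3.3, with the error handling and logging that item 2 of the final project template asks for. This is an added example, not code from the course or the submission. It assumes SQLite's built-in sqlite3 module, an explicit conn argument, and a constructed users table.

```python
import logging
import sqlite3

log = logging.getLogger("app.db")  # assumed logger name


def make_demo_db():
    """Constructed in-memory database standing in for the course's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, admin INTEGER NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin_user", 1), ("test", 0)])
    conn.commit()
    return conn


def is_admin(conn, username):
    # The value travels as a bound parameter, so quotes in it are data, not SQL.
    row = conn.execute("SELECT admin FROM users WHERE name = ?",
                       (username,)).fetchone()
    return bool(row and row[0])


def count_rows(conn, table_name, limit):
    # Identifiers cannot be bound as parameters: accept only a table that exists.
    known = {r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")}
    if table_name not in known:
        log.warning("count_rows rejected table name %r", table_name)
        raise ValueError("unknown table")
    quoted = '"' + table_name.replace('"', '""') + '"'
    try:
        row = conn.execute(
            f"SELECT count(*) FROM (SELECT 1 FROM {quoted} LIMIT ?)",
            (int(limit),)).fetchone()
    except sqlite3.Error:
        log.exception("count_rows failed for table %r", table_name)
        raise
    return row[0]


if __name__ == "__main__":
    db = make_demo_db()
    print(is_admin(db, "test"), is_admin(db, "'; select true; --"))
    print(count_rows(db, "users", 1), count_rows(db, "users", 10))
```

The third call from Step 3.3.3 raises ValueError and leaves the table unchanged, because its table-name argument is not the name of an existing table.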
secure-coding-practices-examples-with-python-example-1.pdf
1. Input Validation
Risk – How Can It Happen?
All program inputs are a potential source of problems. If external data is not validated to ensure that it contains the right type of information, the right amount of information, and the right structure of information, it can cause problems.
Drawing used by permission of Dominik Joswig
Real-world Examples:
In December 2005, a Japanese securities trader made a $1 billion typing error, when he mistakenly sold 600,000 shares of stock at 1 yen each instead of selling one share for 600,000 yen. A few lines of code may have averted this error.
Fat fingered typing costs a trader’s bosses £128m, The Times Online, December 09, 2005

Web applications are highly vulnerable to input validation errors. Inputting the invalid entry “!@#$%^&*()” on a vulnerable e-commerce site may cause performance issues, or “denial of service”, on a vulnerable system, or invalid passwords such as “pwd’” or “1=1— ” may result in unauthorized access.
http://www.processor.com/editorial/article.asp?article=articles%2Fp3112%2F32p12%2F32p12%2F32p12.asp&guid=&searchtype=&WordList=&bJumpTo=True

A Norwegian woman mistyped her account number on an internet banking system. Instead of typing her 11-digit account number, she accidentally typed an extra digit, for a total of 12 numbers. The system discarded the extra digit, and transferred $100,000 to the (incorrect) account. A simple dialog box informing her that she had typed too many digits would have helped avoid this expensive error.
Olsen, Kai. “The $100,000 Keying error” IEEE Computer, August 2008

The site xssed.com lists nearly 13,000 vulnerable Web pages, including sites such as yahoo.com, google.com, msn.com, facebook.com, craigslist.com and cnn.com
Example in code:
    testScore = int(input('Enter test score: '))
    if testScore >= 90:
        print('Your grade is A')
    elif testScore >= 80:
        print('Your grade is B')
    elif testScore >= 70:
        print('Your grade is C')
    elif testScore >= 60:
        print('Your grade is D')
    else:
        print('Your grade is F')
This code fails to check for negative test scores or for test scores above 100.
Code Responsibly – How Can I Properly Validate Input?
Check all input: Below is a partial list of some checks to include:
Range check: check numbers to ensure they are within a range of possible values, e.g., the value for month should lie between 1 and 12.
Reasonable check: check values for their reasonableness, e.g. (age > 16) && (age < 100)
Arithmetic check: check variables for values that might cause problems such as division by zero.
Format check: check that the data is in a specified format (template), e.g., dates have to be in the format DD/MM/YYYY.
The following function shows input validation for a test score:
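    def check_input(min_value, max_value):
        """Prompt until the user enters an integer in [min_value, max_value]."""
        prompt = "Enter an integer number between %d and %d: " % (min_value, max_value)
        while True:
            try:
                value = int(input(prompt))
            except ValueError:
                continue  # non-numeric input: ask again instead of crashing
            if min_value <= value <= max_value:
                return value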
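The four checks listed above, applied to the handout's own cases (the test score, the 11-digit account number and the DD/MM/YYYY date). This is an added example, not part of the original handout. The function names, the ValidationError class and the sample values are assumptions made for illustration.

```python
import re
from datetime import datetime


class ValidationError(ValueError):
    """Raised when input fails a check; the caller shows the message and re-asks."""


def parse_score(text, low=0, high=100):
    # Type check first, then range check: rejects 'abc', '-5' and '101'.
    cleaned = text.strip()
    if not re.fullmatch(r"[+-]?[0-9]+", cleaned):
        raise ValidationError("not a whole number")
    value = int(cleaned)
    if not low <= value <= high:
        raise ValidationError(f"must be between {low} and {high}")
    return value


def parse_account_number(text, digits=11):
    # Length and format check: a 12-digit entry is refused, never truncated.
    cleaned = text.strip()
    if not re.fullmatch(r"[0-9]+", cleaned):
        raise ValidationError("digits only")
    if len(cleaned) != digits:
        raise ValidationError(f"expected {digits} digits, got {len(cleaned)}")
    return cleaned


def parse_date(text):
    # Format check for DD/MM/YYYY; strptime also rejects impossible dates.
    if not re.fullmatch(r"[0-9]{2}/[0-9]{2}/[0-9]{4}", text):
        raise ValidationError("use DD/MM/YYYY")
    try:
        return datetime.strptime(text, "%d/%m/%Y").date()
    except ValueError:
        raise ValidationError("no such calendar date") from None


def average(total, count):
    # Arithmetic check: refuse the divisor that would cause division by zero.
    if count == 0:
        raise ValidationError("count must be non-zero")
    return total / count


def grade(score_text):
    # Same grade bands as the handout's example, but on a validated score.
    score = parse_score(score_text)
    for floor, letter in ((90, "A"), (80, "B"), (70, "C"), (60, "D")):
        if score >= floor:
            return letter
    return "F"
```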
2. Cryptographic Practices
Encrypt Data in Python
First, we need to install the cryptography library:
pip3 install cryptography