Increasing web applications’ security using validation

By Richie Bowden Published March 12, 2010 Updated December 1, 2022

Any business that uses a website with online services to do business with its customers is concerned about security. Security is an important factor in ensuring a quality user experience, and it helps to retain and grow a customer base.

Recently I wrote on my own blog, outlining some principles and approaches for website and application security. In this post, I will focus on data validation, which forms an important part of securing your website or application. Data validation is all about ensuring that any form of data input or output, whether provided by a user or by another system, does not compromise your website or application.

Let's start with the inputs – blacklist or whitelist?

Businesses provide a range of online options for customers to communicate with them, ranging from online feedback/comment forms to online shopping. Each of these options requires different data to be entered, from names and email addresses to credit/debit card details. If a user's input is not properly validated, there is a risk of an attacker using a code injection technique such as SQL injection to compromise the website.

To ensure that appropriate data is entered, there are two approaches to validation:

  1. Whitelisting
    This approach validates any data input against data that is considered acceptable. For example, a whitelist entry for a valid credit card number would include the rule that the input should consist of sixteen numeric characters, drawn from a list of 0 to 9. By adopting this approach, the focus is on identifying known correct inputs. So if a user enters anything other than numbers, their input will not be accepted and a message should be displayed informing them as to why their entry was not accepted.
  2. Blacklisting
    This approach differs from whitelisting in that the focus is on identifying inappropriate inputs – malicious or otherwise. When inappropriate content is recognised, it is replaced or removed. The challenge with using the blacklisting approach is that only current known threats can be prevented. There is a possibility that newer threats may be missed. For this reason, the whitelisting approach is generally the preferred approach.
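The two approaches side by side, as an added example that is not part of the original post. The field rules (card number, name, email) and the blacklisted fragments are constructed for this example; the card-number rule is the article's own "sixteen digits drawn from 0 to 9". Running a value through both checks shows why a blacklist only catches the threats it already knows about, while a whitelist rejects anything that is not the expected shape and returns a message the form can show the user.

```python
import re

# Whitelist rules, one per field the article mentions (constructed for this example).
# Each rule describes what a known-good value looks like; anything else is rejected.
WHITELIST_RULES = {
    # Exactly sixteen digits drawn from 0-9, as in the article's credit card rule.
    "card_number": (
        re.compile(r"[0-9]{16}"),
        "must be exactly 16 digits (0-9), with no spaces or other characters",
    ),
    # Letters, spaces, hyphens and apostrophes only, 1-64 characters.
    "name": (
        re.compile(r"[A-Za-z][A-Za-z '\-]{0,63}"),
        "may contain only letters, spaces, hyphens and apostrophes (max 64)",
    ),
    # A deliberately simple shape check; deliverability still needs a confirmation email.
    "email": (
        re.compile(r"[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,}"),
        "must look like user@example.com",
    ),
}


def validate_input(field: str, value: str) -> tuple[bool, str]:
    """Whitelist validation: accept only values that fully match the rule for the field.

    Returns (accepted, message) so the caller can tell the user why a value was rejected.
    An unknown field is rejected too: no rule means no known-good shape to accept.
    """
    if field not in WHITELIST_RULES:
        return False, f"no validation rule defined for field '{field}'"
    pattern, description = WHITELIST_RULES[field]
    if pattern.fullmatch(value) is None:
        return False, f"{field} {description}"
    return True, ""


# Blacklist approach, shown for comparison: reject inputs containing known-bad fragments.
# The list is necessarily incomplete; it only knows about the threats it was written for.
BLACKLISTED_FRAGMENTS = ("'", "--", ";", "<script")


def blacklist_accepts(value: str) -> bool:
    """Return True when none of the known-bad fragments appear in the value."""
    lowered = value.lower()
    return not any(fragment in lowered for fragment in BLACKLISTED_FRAGMENTS)


def compare_approaches(value: str) -> dict:
    """Run a card-number field through both approaches so the difference is visible."""
    accepted, message = validate_input("card_number", value)
    return {"whitelist": accepted, "blacklist": blacklist_accepts(value), "message": message}


if __name__ == "__main__":
    # Constructed sample inputs: one valid card number and two malformed ones.
    for sample in ["4111111111111111", "4111 1111 1111 1111", "4111111111111111 OR 1=1"]:
        print(repr(sample), compare_approaches(sample))
```

The third sample contains none of the blacklisted fragments, so the blacklist passes it; the whitelist rejects it because it is not sixteen digits. That gap is the point the post makes: a blacklist has to be extended for every new pattern, whereas the whitelist rule never needed to know about the pattern at all.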

Similar principles for outputs

Before any output is displayed to a user, it should be validated so that the text is in an appropriate format and of an appropriate length. Common examples of output validation include:

  • Display a credit card number to a user with asterisks, with only the last four digits being displayed.
  • Validate a URL that links to another site in order to prevent a possible cross-site scripting attack. All URLs should be correctly formatted.
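Both output checks from the list above in code, as an added example that is not part of the original post. `mask_card_number` shows the last four digits with asterisks in front; `validate_link_url` is a whitelist check on a link before it is rendered (only `http` and `https` are permitted, which is an assumption made for this example), and `render_link` HTML-escapes both the label and the validated URL so that neither can break out of the element it is placed in.

```python
import html
from urllib.parse import urlsplit


def mask_card_number(card_number: str, visible_digits: int = 4) -> str:
    """Return the card number with every digit but the last four replaced by an asterisk.

    Non-digit separators (spaces, hyphens) are dropped so the output has a fixed shape
    regardless of how the number was stored.
    """
    digits = "".join(ch for ch in card_number if ch.isdigit())
    if len(digits) <= visible_digits:
        raise ValueError("card number too short to mask")
    return "*" * (len(digits) - visible_digits) + digits[-visible_digits:]


# Schemes a rendered link may use; an assumption for this example, not a rule from the post.
ALLOWED_SCHEMES = frozenset({"http", "https"})


def validate_link_url(url: str) -> tuple[bool, str]:
    """Whitelist check for an outbound link: absolute, well-formed, http(s) only.

    Anything that is not an absolute http(s) URL with a host is rejected, including
    scheme-less '//host' forms and non-navigational schemes.
    """
    candidate = url.strip()
    if any(ord(ch) < 0x20 for ch in candidate):
        return False, "control characters are not allowed in a URL"
    parts = urlsplit(candidate)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme '{parts.scheme or '(none)'}' is not permitted; use http or https"
    if not parts.hostname:
        return False, "URL must include a host name"
    return True, ""


def render_link(label: str, url: str) -> str:
    """Build an <a> element only from a validated URL, escaping both parts for HTML."""
    ok, reason = validate_link_url(url)
    if not ok:
        raise ValueError(reason)
    safe_href = html.escape(url.strip(), quote=True)
    safe_label = html.escape(label, quote=True)
    return f'<a href="{safe_href}">{safe_label}</a>'


if __name__ == "__main__":
    # Constructed sample values.
    print(mask_card_number("4111 1111 1111 1111"))
    for link in ["https://example.com/page", "//example.com/page", "javascript:void(0)"]:
        print(repr(link), validate_link_url(link))
    print(render_link("Example & Co", "https://example.com/?a=1&b=2"))
```

Escaping is applied to the label and the href separately from validation: validation decides whether the link is acceptable at all, escaping makes sure that whatever is accepted is treated as text by the browser rather than as markup.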

Strength in numbers

Validating inputs and outputs should be used as one of a range of security measures to ensure a secure user experience of your website or application. I plan to write about other measures, such as error handling and proper authentication, in future posts.

In the meantime, I would recommend the following information sources on application security:

  • Open Web Applications Security Project (OWASP)
  • Security Ninja – Secure development principles
  • Irish Reporting and Information Security Service – useful links section
  • Government’s MakeITsecure website
Richie Bowden

Richard is a believer and advises companies on the use of Cloud services, Agile and Lean start-up principles. His focus is on innovative solutions that bring practical business benefits.

He has over 18 years' experience in a variety of IT roles, including over 10 years' management experience working for companies such as IBM Software, Oracle & KPMG Consulting. In his various roles, his focus has been on rolling out innovative IT solutions and services, using user-centred design to deliver practical business benefits.

Richie is a PMI certified Project Management Professional and a certified Scrummaster.
