Microsoft Word – WorkNeed.docx

Web Security and Validation

1. AJAX Calendar (60 Points):

  § Best Practices (20 Points):

    § Safe from XSS attacks; that is, all content is escaped on output (3 points)

      § Your application needs to prevent XSS attacks. Be careful when transmitting data over JSON that will be reflected in an event title! (Note: JSON data should be sanitized on the client side, not the server side.)

      § http://classes.engineering.wustl.edu/cse330/index.php/Web_Application_Security,_Part_3

    § Safe from SQL Injection attacks (2 points)

      § Use prepared queries to prevent SQL Injection attacks.

      § http://classes.engineering.wustl.edu/cse330/index.php/Web_Application_Security,_Part_3

    § CSRF tokens are passed when editing or removing events (3 points)

      § Pass tokens in forms to prevent CSRF attacks.

        Hint: You will need to send your CSRF tokens in your AJAX requests. Remember that AJAX still submits forms and runs server-side scripts, just like the vanilla forms you’ve been using in Modules 2 and 3.

      § http://classes.engineering.wustl.edu/cse330/index.php/Web_Application_Security,_Part_2

    § Page passes the W3C validator (2 points)

      1. Index.html not passing W3C validator

2. Creative Portion (15 Points)

  § Additional Calendar Features (worth 15 points): Develop some additional features for the calendar; a few examples are provided below.

    § Users can tag an event with a particular category and enable/disable those tags in the calendar view. (5 points)

    § Users can share their calendar with additional users. (5 points)

    § Users can create group events that display on multiple users’ calendars. (5 points)