1
00:00:00,180 --> 00:00:01,980
Input validation testing.

2
00:00:03,640 --> 00:00:07,930
So if you open an application that contains a registration form.

3
00:00:08,770 --> 00:00:15,880
And you may notice a certain amount of feedback about incorrect data or maybe incorrect data format

4
00:00:15,880 --> 00:00:16,540
that you entered.

5
00:00:17,630 --> 00:00:22,910
Such as "this field is required", "you can't leave this field blank".

6
00:00:24,420 --> 00:00:25,560
Or whatever it will be.

7
00:00:26,700 --> 00:00:29,430
This is called form validation.

8
00:00:30,490 --> 00:00:35,740
It helps both the owner and the users of the application to ensure that they're filling out the forms

9
00:00:35,740 --> 00:00:36,240
correctly.

10
00:00:36,280 --> 00:00:36,560
Right.

11
00:00:38,100 --> 00:00:45,180
The target web application can check the length and the format of the form fields when you enter data.

12
00:00:45,210 --> 00:00:46,080
That's how it works.

13
00:00:46,530 --> 00:00:51,480
So if the entered information is correct, the application allows the data to be submitted to the server.

14
00:00:52,170 --> 00:00:56,560
And if it's not, then it gives you an error message explaining what needs to be corrected.

15
00:00:57,840 --> 00:01:04,920
So basically, there are a few reasons to implement form validation, and of course, one of them is

16
00:01:04,920 --> 00:01:08,000
to help the application to work and store data properly.

17
00:01:08,970 --> 00:01:18,060
But there is also another important reason, and that is the security of the application and users.

18
00:01:18,750 --> 00:01:26,310
There are many ways that malicious users or a pen tester can misuse these forms to damage the application.

19
00:01:27,060 --> 00:01:34,410
And almost all major web attacks, such as SQL injection, XSS, they're all caused by improper

20
00:01:34,680 --> 00:01:35,790
data validation.

21
00:01:37,660 --> 00:01:45,610
So there are two approaches to form validation: client-side and server-side validation. And as the

22
00:01:45,610 --> 00:01:52,510
name suggests, in client-side validation, the data is validated in the browser before being submitted

23
00:01:52,510 --> 00:01:53,110
to the server.

24
00:01:54,180 --> 00:02:02,040
So by using JavaScript or HTML5's built-in validation, an application can easily implement data validation

25
00:02:02,040 --> 00:02:02,670
in the client.

26
00:02:03,920 --> 00:02:09,530
Client-side validation is quick and easy, and it's more user friendly when it's implemented.

27
00:02:10,660 --> 00:02:13,630
But for security reasons, it's not really a barrier.

28
00:02:15,020 --> 00:02:18,020
So server-side validation comes in pretty handy.

29
00:02:19,020 --> 00:02:25,230
And as that name suggests, the validation occurs in the server after the data is submitted.

30
00:02:26,440 --> 00:02:35,920
So it doesn't provide errors until the entire form has been submitted, so it's a last line of defense

31
00:02:35,920 --> 00:02:38,050
against incorrect or malicious data.

32
00:02:39,280 --> 00:02:45,250
Now, in the real world, developers tend to use a combination of client-side and server-side validation.

33
00:02:46,270 --> 00:02:49,390
And there's a popular saying about this situation.

34
00:02:50,570 --> 00:02:54,360
Never trust data passed to your server from the client.

35
00:02:54,920 --> 00:03:01,250
That means if the provided information is not 100 percent correct, then it is all incorrect.