selvalives

Untitled

Aug 26th, 2019
- we would like to verify and test the user inputs that come from untrusted data sources
- all user input is untrusted
- client-side validation and server-side validation
- we will filter the input, accepting or rejecting it against predefined criteria
- we will also encode the outputs to the site that come from user input
  - by making sure that the output is treated purely as data and not as markup

1. the importance of robust input validation
- missing validation can lead to injection and XSS attacks
- input should be validated against data type, minimum and maximum length,
  null or not null, numeric range, unique or not, membership in a predefined list, and pattern
- input filtering: checking for known good values, known bad values, or with a regular expression
- whitelisting or blacklisting
- whitelisting is preferred

2. secure input validation using WebForms, ASP.NET Core and MVC
- WebForms: use validation controls, various types available
- ASP.NET Core
  - use a CSP header in the HTTP response
  - install Microsoft.AspNet.WebUtilities
- MVC
  - use ModelState to validate the strongly typed model along with the error message
  - don't redirect without validating
  - use proper data annotations

3. code techniques for SQL injection attacks
- what is SQL injection
- parameterized statements
- stored procedures
- escaping routines that replace special characters
- use a least-privileged account, so damaging statements cannot be executed

4. code techniques for XSS attacks
- what is an XSS attack
- validate the input and also encode the output
- make sure everything going out to the browser is treated as data or text
- we need to inform the renderer or interpreter that everything is text and must not be executed or rendered
- use HtmlEncode
- use UrlEncode
- use the AntiXSS library

5. code techniques for parameter tampering attacks
- check data against a trusted source; example: changing a user's password must be done only after checking that the user exists in the UserManager (MVC)
- encrypt and decrypt if needed

6. code techniques for directory traversal attacks
- WebForms
  - use Path.Combine after Server.MapPath
  - disable directory browsing
  - check that the first n characters of the requested file path match the document root
  - do not serve unknown file types: set ServeUnknownFileTypes to false
  - set the static files location to wwwroot
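
As an added C# example (not part of the original notes) of the Path.Combine plus document-root prefix check described in section 6: the document root is assumed to be a plain physical directory string, such as the result of Server.MapPath("~/") in WebForms or IWebHostEnvironment.WebRootPath in ASP.NET Core, and the helper name SafePath.Resolve is hypothetical.

```csharp
using System;
using System.IO;

// Added example, not from the original notes. Resolves a user-supplied relative
// file name against a fixed document root and rejects anything that escapes it.
// docRoot is assumed to be the physical root directory (e.g. Server.MapPath("~/")
// in WebForms or IWebHostEnvironment.WebRootPath in ASP.NET Core).
public static class SafePath
{
    // Returns the canonical full path when it stays inside docRoot, otherwise null.
    public static string Resolve(string docRoot, string requestedName)
    {
        if (string.IsNullOrWhiteSpace(requestedName))
            return null;

        // Canonicalise the root once and give it a trailing separator, so that the
        // prefix check cannot be satisfied by a sibling such as "wwwroot_private".
        string root = Path.GetFullPath(docRoot);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString()))
            root += Path.DirectorySeparatorChar;

        // Path.Combine discards the first argument when the second one is rooted,
        // so Path.Combine alone does not enforce the boundary; GetFullPath then
        // collapses "." and ".." segments into a canonical absolute path.
        string candidate = Path.GetFullPath(Path.Combine(root, requestedName));

        // The "first n characters" check from the notes: n is the root's length.
        if (!candidate.StartsWith(root, StringComparison.Ordinal))
            return null;

        return candidate;
    }

    public static void Main()
    {
        // Constructed root; the directory does not need to exist for the path logic.
        string root = Path.Combine(Path.GetTempPath(), "wwwroot");
        Console.WriteLine(Resolve(root, "images/logo.png") != null);     // True: stays inside
        Console.WriteLine(Resolve(root, "../appsettings.json") == null); // True: escapes root
        Console.WriteLine(Resolve(root, Path.GetTempPath()) == null);    // True: rooted input
    }
}
```

GetFullPath only normalises the path lexically; symbolic links placed inside the root still need a separate policy.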

7. code techniques for open redirect attacks
- ASP.NET Core
  - check Url.IsLocalUrl before redirecting
  - use X-Frame-Options to disable framing and avoid clickjacking
  - use CORS effectively
  - never allow all origins; a wildcard accepts requests from every domain