Question: Construct Security Countermeasures Method to Secure Web Application Create a modular function that helps you sanitize Cross-site Scripting, SQL Injection, and Command Injection attacks, all

Construct Security Countermeasures Method to Secure Web Application Create a modular

Construct Security Countermeasures Method to Secure Web Application Create a modular function that helps you sanitize Cross-site Scripting, SQL Injection, and Command Injection attacks, all in one function. The technical constraints are as follow: - The function should be named secureinput() and should receive 4 parameters: secureInput(string input, string attack_mode, Boolean should_strip, boolean validate_only) Parameter Explanation: 1. Input: the value that wants to be validated/sanitized. 2. Attack Mode: indicates what kind of attack that the validation/sanitation should be conducted against. The value must be either 'SQLI', 'XSS', 'RCE', or 'ALL'. Should the function receives 'ALL' as the Attack Mode parameter, then the input should be cleaned against all types of attack (SQLi, XSS, and RCE altogether). 3. Should Strip: indicates whether the dangerous tokens should be stripped or escaped. If the parameter's value is TRUE, then any dangerous token will be removed from the input. Otherwise, they will be escaped. 4. Validate Only: indicates whether this function should perform as a validator only. If the parameter's value is TRUE, then if there is any dangerous token from the input, this function should throw a new exception and stop the PHP from continuing the process (https://www.php.net/manual/en/language.exceptions.php). However, if the parameter's value is FALSE, there should be no error displayed and the input should continue to be cleansed. - Finally, the function should return the sanitized/validated value. - You are free to decide whether you would use a whitelist approach or a blocklist approach. - You ARE NOT ALLOWED to use predefined PHP security/validation functions (such as strip_tags, mysqli_real_escape_string, etc.) to sanitize/validate the input. Create your own algorithm and checking mechanism. - You will get a point deduction if I can find any token/payload that could bypass your checking mechanism and therefore could still exploit the vulnerability >: ). Submit the PHP source code as well as some sample of the HTTP request for payload testing (Postman, cURL, raw HTTP is okay). Here's some template code to help you

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

9. construct a program either java or C++ to use to carry out the operation management of your business Your code should adhere to the following rules of code Rule 1: Follow the Style Guide Every...

Q:

There are two problems due this week (each worth 35 points) as follows. Case 5-1David L. Miller: Portrait of a White-Collar Criminal (page 144). In comprehensive paragraphs, answerrequirements 1?6....

Q:

Explain that some software development problems result in software that is difficult or impossible to deploy in a secure fashion. There are at least two dozen problem areas or categories in software...

Q:

I have to create a program in C and I can't figure it out. The program has to read a source file. Please help. /******************************************************************** PROJECT: Glossary...

Q:

7. Write a summary of one of the following articles 2. "The Mouse That Knows You" in Chapter 1 (pages 40-41) B. "Mobile App Developers: Start with Security below Mobile App Developers: Start with...

Q:

After reviewing the PowerPoint on understanding financial statements and ratio analysis, create a narrated PowerPoint illustrating the financial health of your chosen organization. Your presentation...

Q:

Please answer the attached questions from the attached file Cisco Systems, Inc. 2014 Annual Report Annual Report 2014 Letter to Shareholders To Our Shareholders, When we look back on fiscal 2014, we...

Q:

You have been employed as a Junior Network Security Specialist for Phaeton Security Solutions Limited (PSS). PSS provides network security solutions for a range of clients from multiple industry...

Q:

Assume that you are the lead network security expert in your organization. Because of the recent rise in web security issues and the development of the global marketplace, your organization has...

Q:

What are some risks, threats, and vulnerabilities commonly found in the Workstation Domain that must be mitigated through a layered security strategy? File-sharing utilities and client-to-client...

Q:

If f(x) = (x - a) (x - b) (x - c), show that F(x) 1

Q:

Ralph and Tina (husband and wife) transferred taxable bonds worth $30,000 to Pam, their 12-year-old daughter. Pam received $3,500 of interest on the bonds in the current year. Ralph and Tina have a...

Q:

A foed cost that is incurred because of the extstence of a segment is considered a Segment Margin Con - un PasdCort Traceable Fined Cost Nomulfuet Cost

Q:

Can you help me calculate a common size Income Statement for 2 0 1 5 info below:

Q:

evaluate and draft recruitment and selection policies and procedures

Q:

understand the role of human resource managers and line managers in the recruitment and selection process

Q:

2. Why are there so few female engineers compared to male engineers and what can the engineering sector do to encourage females to take up a career in engineering?