Wednesday, 22 May 2013

Spoofed Forms - Stop Spoofed Form Submissions

Form spoofing is a method in which an attacker creates a copy of another website's HTML form, fills in whatever data he wants to send, and submits the form.

There are various ways to spoof forms, the easiest of which is to simply copy a target form and
execute it from a different location. Spoofing a form makes it possible for an attacker
to remove all client-side validations/restrictions imposed upon the form in order to submit the form.


Street:
City:
State:
Zip:


In the form above, the form's action points to another website.


How to Protect your website from spoofed forms

  • Add client-side and server-side validation
  • Use a token system
  • Use a CAPTCHA
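
The token system and server-side validation from the list above, sketched as an added example (not code from the original post). The field names follow the Street/City/State/Zip form; the `token` field, the function names, the secret key, the 15-minute lifetime and the shortened state list are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-deployment server secret
TOKEN_TTL = 900                       # assumption: token lifetime in seconds
US_STATES = {"CA", "NY", "TX", "WA"}  # constructed, abbreviated allow-list


def _sign(session_id, ts):
    msg = f"{session_id}|{ts}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, now=None):
    """Value for a hidden field, created when the server renders the form."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_sign(session_id, ts)}"


def token_is_valid(session_id, token, now=None):
    """Reject missing, malformed, forged, foreign-session and expired tokens."""
    ts, sep, sig = (token or "").partition(".")
    if not sep or not ts.isdigit():
        return False
    if not hmac.compare_digest(_sign(session_id, ts).encode(), sig.encode()):
        return False
    age = (time.time() if now is None else now) - int(ts)
    return 0 <= age <= TOKEN_TTL


def validate_submission(session_id, form, now=None):
    """Server-side checks; they still apply when client-side ones are removed."""
    errors = []
    if not token_is_valid(session_id, form.get("token"), now):
        errors.append("token")
    if not 1 <= len(form.get("street", "").strip()) <= 100:
        errors.append("street")
    if not re.fullmatch(r"[A-Za-z .'-]{1,60}", form.get("city", "")):
        errors.append("city")
    if form.get("state") not in US_STATES:
        errors.append("state")
    if not re.fullmatch(r"\d{5}(-\d{4})?", form.get("zip", "")):
        errors.append("zip")
    return errors
```

A copied form hosted elsewhere has no token bound to the visitor's session, so its submission is rejected before the field checks matter; the field checks cover values that client-side validation would otherwise have blocked.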

Definition of SOLID DRY KISS UX

SOLID : Single responsibility, Open-closed, Liskov substitution, Interface segregation and Dependency inversion
Create a system that is easy to maintain and extend over time.


DRY : Don't Repeat Yourself
Develop functionality that does not need to change but can be extended.


KISS : Keep It Simple Stupid
Coding standards must be maintained and the approach kept simple, so that every developer can understand the code at a glance.

UX : User Experience