Web Forms are one of the most important aspects of an HTML interface to secure. Consider a simple Login Form that includes a username and password for allowing access to an application.
Discuss methods that will help secure the data-in-transit and at-rest. Be sure to reference your findings. Provide code examples as applicable for your example. Python is preferred but other languages are acceptable as well.
Web authentication is a fascinating subject, and with so much change in web technologies, logging a user in to an application in the safest way possible can be a tough process for a developer, as there is so much to learn about how to make a form secure.
Before looking at the HTML form, its code and the methods to make it safe, let's first understand the two stages of digital data.
Data at rest
This is the initial stage of any digital data. In this stage the data is available somewhere in the system without being transmitted to anyone or used by anyone, which can include any software, third parties, human beings and so on.
It is stored on local hard drives, USB pen drives, system folders, or in any physical or logical storage system.
Data in transit
This stage is also known as data in motion. It indicates the transmission of data from one place to another, and it can take place between any number of parties.
Now that we have understood the stages of data, let's look at the HTML form.
HTML Forms
I don't think I need to explain what HTML forms are, because without them web authentication is next to impossible; they are the first critical aspect of building authentication.
They are used for collecting user credentials, and that data is then transmitted to the web server, to the page where we want to send it to carry out the authentication process.
The main purpose of the HTML form is to collect data from the user and then transmit that data to the web server.
Below is an HTML page with a form that collects two pieces of information: the username and the password of the user who wishes to log in to the application.
<html>
<head>
<title>Welcome To Application</title>
</head>
<body>
<form action="" method="">
<input type="text" name="username" placeholder="Enter your username">
<input type="password" name="password" placeholder="Enter your Password">
<input type="submit">
<input type="reset">
</form>
</body>
</html>
You can see I have left the action and method attributes of the form tag blank.
The action is nothing but the destination file name where we want to send the form data for processing, but the thing to consider here is the method, which is important.
When we click the form's submit button, the data is sent to a web server. That request is made with an HTTP method, and we can choose which method is used to make the request, which matters for security.
The GET method is not useful here, so skip it. When we need to send critical information we must use a POST request, as this request method provides basic protection from the caching of sensitive data by the browser and also reduces the chances of sensitive data being stored in server logs.
The most important and most effective method is encryption of the data, which is considered the best possible solution for ensuring your data is safe at both the rest and transit stages.
Data Encryption at Rest
In this stage, data is in a stable state with no third party or application acting on it.
How do we implement data encryption at rest? Here are some of the ways of making it possible:
=> Using software tools like AxCrypt or VeraCrypt, we can encrypt the physical hard disk drives.
=> To protect USB pen drives, we can use the tools that I named in the point above or purchase hardware-encrypted flash drives.
=> With an encryption technique like InnoDB tablespace encryption, which is used for MySQL and MariaDB (and there are more), we can protect the data stored in the database.
Now let's look at Data Encryption in Transit
Here, in the case of an application where we are sending a username and password, we can consider these methods to ensure that our form data is encrypted in the transit stage.
- Web traffic needs to be transmitted over SSL (Secure Sockets Layer) and should use strong security protocols like TLS (Transport Layer Security)
- Encryption at the application level
So far I have discussed how to make the form secure, and also the methods to make sure the data is secure at the rest and transit stages, as per the requirement.
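The server side of the POST and TLS points above, as an added example that is not part of the original answer: a standard-library WSGI handler for the form's action URL that refuses credentials sent over plain HTTP or with GET. The names login_app, call and MAX_BODY and the sample credentials are assumptions made for the illustration.

```python
import io
from urllib.parse import parse_qs
from wsgiref.util import setup_testing_defaults

MAX_BODY = 4096  # assumed upper bound for a login form body


def login_app(environ, start_response):
    """WSGI handler for the form's action URL (hypothetical endpoint)."""
    def reply(status, text, extra=()):
        start_response(status, [("Content-Type", "text/plain; charset=utf-8"),
                                ("Cache-Control", "no-store"), *extra])
        return [text.encode("utf-8")]

    # Data in transit: refuse credentials that did not arrive over TLS.
    if environ.get("wsgi.url_scheme") != "https":
        return reply("400 Bad Request", "HTTPS required")
    # POST only, so credentials never sit in the URL or the access log.
    if environ["REQUEST_METHOD"] != "POST":
        return reply("405 Method Not Allowed", "Use POST", [("Allow", "POST")])
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
    except ValueError:
        length = 0
    if not 0 < length <= MAX_BODY:
        return reply("400 Bad Request", "Bad form body")
    raw = environ["wsgi.input"].read(length).decode("utf-8", "replace")
    form = parse_qs(raw)  # blank fields are dropped by default
    if not form.get("username") or not form.get("password"):
        return reply("400 Bad Request", "Missing username or password")
    # Verifying the credentials is out of scope; never log form["password"].
    return reply("200 OK", "Credentials received")


def call(method, scheme, body=b"", query=""):
    """Send a constructed request to login_app; return (status, headers)."""
    environ = {"REQUEST_METHOD": method, "QUERY_STRING": query,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    setup_testing_defaults(environ)
    environ["wsgi.url_scheme"] = scheme  # normally set by the WSGI server
    seen = {}
    login_app(environ, lambda s, h: seen.update(status=s, headers=dict(h)))
    return seen["status"], seen["headers"]


if __name__ == "__main__":
    creds = b"username=alice&password=constructed-sample"  # constructed input
    print(call("POST", "https", creds))
    print(call("GET", "https", query=creds.decode()))
```

Behind a TLS-terminating proxy, wsgi.url_scheme describes only the hop from the proxy to the application unless the server is configured to trust the forwarded scheme.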