Question

Web Forms are one of the most important aspects of an HTML interface to secure. Consider a simple Login Form that includes a username and password for allowing access to an application.

Discuss methods that will help secure the data-in-transit and at-rest. Be sure to reference your findings. Provide code examples as applicable for your example. Python is preferred but other languages are acceptable as well.

Answer 1

Web Authentication is a fascinating subject and with so much change in the web technologies a developer who wants to log a user in the application by the safest way possible can be a tough process as there is so much to learn on how to make your form secure.

Before going to see the HTML form its code and methods to make it safe let's understand first the two stages of digital data

Data at rest
It is the initial stage of any digital data in this stage the data is available somewhere in the system without being transmitted to anyone or getting used by anyone which can include any software, third parties, human beings and so on.

Stored in local hard drives, USB pen drives, system folder, or in any physical and logical storage system.

Data in transit
This stage is also known as data in motion and it indicates the transmission of the data from one place to another and it can take place between any number of parties.

Now we have understood the concept of stages of data now let's understand HTML form

HTML Forms
I don't think I need to explain what is HTML forms because without them web authentication is next to impossible as they are the first critical aspects in the making of authentication.

They are used for collecting user credentials and then those data get transmitted over the webserver to the page where we want to send them for carrying out the authentication process.

The main purpose of the HTML form is to collect the data from the user and then transmit those data to the webserver

HTML page with a form that will collect two information one is a username and the other one is the password of the user who wishes to log in to the application.

<html>
<head>
<title>Welcome To Application</title>
</head>
<body>
<form action="" method="">
<input type="text" name="username" placeholder="Enter your username">
<input type="password" name="password" placeholder="Enter your Password">
<input type="submit">
<input type="reset">
</form>
</body>
</html>

You can see I have left blank at the action and method in the form tag
Action is nothing but the destination file name where we want to send the data of the form for processing but the thing to consider here is the method which is important

When we click the form submit button the data is sent to a web server and that request is made with the help of HTTP method and we can choose the type of method to make that request and it is important for the security concern

GET method is not useful so skip it because it is not useful and when we need to send critical information we must use the post request as this request method provides basic protection from the caching of sensitive data by the browser and it also reduces the chances of sensitive data to get stored in server logs

The most important and the most effective method is the encryption of the data which is considered the best possible solution for ensuring your data is safe at both the rest and transit stages

Data Encryption at Rest
in this stage, data is in a stable state with no third party or application acting on it.

How to implement data encryption at rest security protocol we will see some the ways of making it possible

=>using of software tools like AxCrypt or VeraCrypt we can encrypt the physical hard disk drives
=>Toprotect the USB pen drives we can use the tools that I named in the above points or can purchase some hardware-encrypted flash drives

=> with the help of the encryption technique like InnoDB tablespace encryption which is used for MySQL and MariaDB and there are more and we can protect the data stored in the database with these technique

Now see the Data Encryption In Transit

Here in case of the application where we are sending username and password, we can consider these methods to ensure that our form data is encrypted in the transit stage.

-Web traffic needs to be transmitted over SSL(secure socket layer) and should use strong security protocols like TLS(transport layer security)
-encryption via the application level

Till now I have discussed how to make the form secure and then also discussed the method to make sure the data is secure at the rest and in transit stages as per the requirement