Skip repetitive navigation links.
United States Department of AgricultureFarm Services AgencySystem Development Life Cycle (SDLC)
Go to SDLC Home Go to SDLC Home Go to About SDLC Go to News Go to Help Go to Contact Us
Search FSA
Go To Advanced Search
Go To Search Tips
FSA Enterprise Architecture
Go to EA Overview
Go to Enterprise Architecture Program
Go to Enterprise Architecture
Go to FSA Infrastructure
FSA SDLC
Go to SDLC Overview
Go to Background
Go to Development Process
Go to Quick Start Guide
Go to FSA Quality Assurance & Control Process
Go to Project Management Process
Go to Configuration and Change Management
Mainframe & System 36 SDLC
Browse by Subject
Go to Developer Tools Overview
Go to Architectural Decisions/Waivers
Go to FSA Assets and Shared Services
Go to Approved Software
Go to Templates and Documents
Go to Information Bulletins & Memos
Browse by Subject
Go to Learning Overview
Go to Training Schedule

You are here:  SDLC Home / Development Process / Detailed Design / Application Security / Input Validation
Development Process

Input Validation

 

 
All input from the user should be validated on the Server side as is required by the FSA Reference Architecture. Client Side validation is allowed to reduce network traffic; however, it is not a substitution for server side validation. Client side scripting does not provide a secure means of validating user input.

 
Particular attention should be paid to any inputs that are keys used to retrieve data, such as customer ids, payment id, and contract numbers, as they may allow a hacker to change their values and view information they should not be able to see. In these situations the user id should be validated to determine whether or not they have rights to view the information.

 
The following practices should provide improvement to a web application's input validation:

 
  • Assume all input is malicious
  • Use a centralized approach, for example, by using common validation and filtering code in shared libraries
  • Do not rely on client-side validation
  • Constrain, reject and sanitize the input

Last Modified: 12/12/08 11:13:23 AM


SDLC Home | FSA Home | USDA.gov | Common Questions | Site Map | Policies and Links
FOIA | Accessibility Statement | Privacy Policy | Nondiscrimination Statement | Information Quality | USA.gov | White House