@Kishimoto96
Created April 14, 2023 20:14

Server-side Validation Discussion

  1. What is server-side validation?
  2. How can server-side validation help prevent security vulnerabilities?
  3. What is the role of client-side validation?
  4. If we have client-side validation, why do we even need a server-side validation?
  5. How does the express-validator package simplify server-side validation in Node.js applications?
@sncey

sncey commented Apr 15, 2023

Mohamad Aid Bacuk Zanab - Nezir Aydın - Guled Khadar Abdi - Ceyda Esen

1- Server-side validation is the process of validating user input data on the server, rather than on the client-side. It is an essential security measure to prevent attacks and ensure data accuracy. Server-side validation helps to provide a better user experience by giving immediate feedback to the user if there are any errors in the input data.

2- Server-side validation helps prevent security vulnerabilities by thoroughly checking and validating user input data on the server before processing it. It helps prevent malicious attacks such as SQL injection and cross-site scripting by ensuring that input data meets certain requirements and constraints. By validating data on the server-side, developers can prevent errors and inconsistencies in the data, which can lead to security vulnerabilities. This ultimately helps ensure the integrity and security of user data and prevents potential attacks on the server.

3- Client-side validation plays a role in improving the user experience by providing immediate feedback on input data errors, such as missing or incorrectly formatted fields. Its role is to provide basic validation of input data before sending it to the server for more thorough validation and processing.

4- Client-side input validation is not a substitute for server-side input validation. Server-side input validation is essential to ensure that only valid data is processed by the application. Client-side validation is useful for improving the user experience by providing immediate feedback to the user on input errors. However, it is not sufficient for ensuring data integrity and security, as it can be bypassed or disabled. Server-side validation provides an additional layer of security to prevent malicious attacks and ensure the accuracy and consistency of the data stored on the server. Therefore, both client-side and server-side validation are important for ensuring data integrity and security.

5- The express-validator package simplifies server-side validation in Node.js applications by providing an easy-to-use middleware function that can handle a wide range of validation scenarios. By using this package, developers can reduce the amount of code they need to write and can focus on building robust and secure web applications.

@AsliSema

Team members : @badrnasher, @Vekilbyv, @AsliSema

  1. When you enter data, the browser and/or the web server will check to see that the data is in the correct format and within the constraints set by the application. Validation done in the browser is called client-side validation, while validation done on the server is called server-side validation.

  2. Input validation: Server-side validation can check that the data entered by the user is valid and meets specific criteria. While running a dynamic application security test, tools used will bypass the client-side restrictions to attempt injection attacks.

  3. Client-side validation is generally used to provide quick feedback to a user. For example, when you're submitting a form and you see a field highlighted in red saying "Required field", basically what happened is the client validated that the field cannot be empty.

  4. An API must not entirely rely on client-side validation. Even if it might seem redundant to have validation both on frontend and backend, it is essential from the perspective of security and reliability of your backend application. An API does not know what actually happened on the frontend when it receives a request from a client. It is also possible that requests are coming from a source like Postman where there is no client-side validation. That is why more often than not, the first step in processing a request is to validate the data that came with it. For example, the API receives a signup request with an email ID. In case it turns out that this email ID was already used with a previous user account, it could cause issues if the new signup request is processed. So the API must first validate the email ID from the user database and inform the client accordingly. The frontend has no way by itself to check if the email ID was used in a previous user account.

  5. The express-validator package is a middleware for the Node.js Express framework that simplifies server-side validation in web applications. It provides a simple and flexible way to validate user input and sanitize data, and it can be used to validate input from a variety of sources, such as query parameters, form data, or JSON payloads.

@OmarQaqish

Omar Qaqish, Younes Nourzehi, Abdulrahman Albakkar

  1. It is validation to figure out if the data being sent to the API is any good or not, that happens on the server side as opposed to on the client side. It is essential from the perspective of security and reliability of your backend application to have server side validation even if we have client side validation.
  2. By using authentication so that if a user does not have the proper authentication, they wouldn't be able to access the data on the server side. If client side validation was bypassed, server side validation can catch the error and prevent harmful input.
  3. Provide immediate feedback to the user regarding the input they have entered. It can help improve the user experience and make sure that all information is provided in the request before going to the server. It also reduces requests to the server, but it can't be used for security purposes.
  4. An API does not know what actually happened on the frontend when it receives a request from a client. It is also possible that requests are coming from a source like Postman where there is no client-side validation. Additionally, a hacker can easily bypass a front end validation. In some cases, the front end cannot know a certain resource exists on the server, such as an email address, so if someone were to sign up with the same email address, server-side validation needs to catch that and prevent it.
  5. It's a set of express.js middlewares that wraps the extensive collection of validators and sanitizers offered by validator.js. It allows you to combine them in many ways so that you can validate and sanitize your express requests, and offers tools to determine if the request is valid or not, which data was matched according to your validators, and so on. It can be easily configured to set up validation on our APIs. It is used to simplify basic validations and reduce the code for server-side validation.
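
The signup case raised in the two answers above (a request sent straight to the API with no browser form in front of it, and an email that is already registered), as an added example that is not part of the gist or of any participant's answer. It uses plain JavaScript rather than express-validator; the `users` store, the field limits and the function names are assumptions made for illustration.

```javascript
// Constructed sample data standing in for the user database.
const users = new Map([["alice@example.com", { name: "Alice" }]]);

const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Validate an untrusted, already JSON-parsed body. Nothing is assumed about
// what a browser form enforced, because the request may not come from one.
function validateSignup(body) {
  const errors = [];
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { errors: [{ field: "body", msg: "must be a JSON object" }] };
  }
  const { email, password } = body;

  // Type checks first: a direct client can send arrays or objects where
  // the HTML form would only ever send strings.
  let normalizedEmail = null;
  if (typeof email !== "string") {
    errors.push({ field: "email", msg: "must be a string" });
  } else {
    normalizedEmail = email.trim().toLowerCase();
    if (normalizedEmail.length > 254 || !EMAIL_RE.test(normalizedEmail)) {
      errors.push({ field: "email", msg: "invalid email" });
    }
  }
  if (typeof password !== "string" || password.length < 8 || password.length > 128) {
    errors.push({ field: "password", msg: "must be a string of 8 to 128 characters" });
  }
  return { errors, value: { email: normalizedEmail, password } };
}

// Framework-agnostic handler logic: returns the HTTP status and response body.
function handleSignup(body) {
  const { errors, value } = validateSignup(body);
  if (errors.length > 0) return { status: 400, body: { errors } };
  // Business-rule check only the server can make: is the email already taken?
  if (users.has(value.email)) {
    return { status: 409, body: { errors: [{ field: "email", msg: "already registered" }] } };
  }
  // Password hashing and persistence are omitted from this example.
  users.set(value.email, { name: null });
  return { status: 201, body: { email: value.email } };
}
```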

@Mustapha909

@Irzooqi @nourkrimesh @ilaydanurguzel1
1- Server-side validation is an important technique for preventing security vulnerabilities in web applications. It refers to the process of validating user input data on the server-side of a web application or website.
2- Server-side validation helps prevent security vulnerabilities by detecting and rejecting invalid data before it is processed or used, which can prevent attacks such as SQL injection and cross-site scripting.
3- The role of client-side validation is to provide immediate feedback to the user by verifying the data they entered in a web form or application before it is submitted to the server. It helps improve the user experience, but it is not a substitute for server-side validation.
4- Because client-side validation is too easy to bypass, so malicious users can still easily send bad data through to your server.
5- express-validator simplifies server-side validation in Node.js applications by providing a comprehensive set of validation rules, easy integration with popular web frameworks, error-handling middleware, and sanitization functions. This can help developers save time and ensure that their applications are secure and reliable.

@baraah-berra

Berra Mahmud - Tareq Harh - Ahmad Alshatar
1 - When a user submits a form of data, the server-side checks the data to see if it's valid or not. We can use Express JS validation or custom validation.
2 - It can help prevent security vulnerabilities by validating data which can be bypassed on client-side validation, attackers could use SQL injection, cross-site scripting (XSS) attacks, and other types of injection attacks.
3 - Before sending a request to the server side, we could make the same validation rules on the server side to increase security, it helps ensure data submitted matches the requirements set forth in the various form controls.
4 - Because client-side validation could be passed by the attackers, and to reduce the server load by preventing users from submitting invalid data. An API must not entirely rely on client-side validation. Even if it might seem redundant to have validation both on the front end and back end, it is essential from the perspective of the security and reliability of your backend application.
5 - It saves us from writing a bunch of statements and code to write just one validator, instead of writing a statement to check if the email is in the right format, we can use a built-in method on Express JS, like isEmail.

@cyberRasam

1- Rasam Rabiee @cyberRasam
2- Zakari Ali
3- Tasneem Akkad @TasneemAkkad

answers :
1- Server-side validation is a process of validating user input or data submitted to a web application on the server side rather than on the client side.

2-
Protection against malicious input
Preventing data loss
Ensuring application logic
Mitigating attacks

By validating user input on the server-side, potential security issues such as SQL injection, cross-site scripting, and buffer overflow attacks can be avoided.

3- The role of client-side validation is to provide immediate feedback to the user when they submit a form or enter data into a website or application.

4- Client-side validation is not a reliable means of ensuring the security and integrity of data as it can be easily bypassed by malicious users. Therefore, server-side validation is necessary to prevent security vulnerabilities such as SQL injection, cross-site scripting, and other types of attacks that can compromise the system. Server-side validation provides an additional layer of security and ensures that the data being submitted is safe and in the correct format.

5- The express-validator package simplifies server-side validation in Node.js applications by providing a middleware that can be used with the Express.js framework. It offers a set of chainable validator methods for validating data from the request body, query parameters, and route parameters.

@jimaa-maya

Team members: Nur Abunamus, Mahmoud Alshahin, Jimaa Maya

1- The process of validating data input on a web application's server rather than on the client-side.
2- Preventing injection attacks, Ensuring data integrity, Sanitizing user input: Server-side validation checks can ensure that user input is sanitized and free of potentially harmful code or scripts and Protecting against brute force attacks: Server-side validation can also help prevent brute force attacks by limiting the number of login attempts a user can make in a given period. This prevents attackers from repeatedly guessing login credentials until they gain access to the system.
3- The primary role of client-side validation is to improve the user experience by providing real-time feedback to users about the validity of their input, without requiring a round-trip to the server and Client-side validation can help improve the user experience by:
Reducing server load: By validating user input on the client side, web applications can reduce the number of requests sent to the server, which can help improve application performance.
4- Client-side validation is too easy to bypass, so malicious users can still easily send bad data through to your server and client-side validation can provide a good user experience and reduce server load, but server-side validation is essential to ensure the security, reliability, and integrity of web applications.
5- By providing a set of powerful validation functions and methods that can be used to validate data input in HTTP requests.
A- Built-in validation functions
B- Chaining and sanitization
C- Error handling: The package provides an easy way to handle validation errors by attaching error messages to the request object.

@harethriyadh

Harith - Fatima - Ahmed

1- It generally means figuring out if the data being sent to the API is any good or not. Validation can happen both on client-side before sending the request or on server-side when receiving the request.
Types of Validation:
* required
* minlength and maxlength
* min and max
* type
* pattern
* business rules validation

@motaz99

motaz99 commented Apr 15, 2023

Cansu, Mohammad, Motaz

  1. Server-side validation, also known as server-side form validation, is a process of validating user input on a web application's server-side, rather than on the client-side. It involves checking and validating user-submitted data on the server before processing it or storing it in a database.
  2. Server-side validation is an essential security measure in web applications that helps prevent security vulnerabilities, protects against attacks, and ensures the integrity and accuracy of user-submitted data:
    1. Data integrity
    2. Input validation
    3. Business rule validation
    4. Error handling
    5. Defense in depth
  3. Client-side validation is a process of validating user input on the client-side, typically within a web browser, before data is submitted to the server for processing. It involves using JavaScript or other client-side scripting languages to validate data entered by users in web forms or other input fields.
  4. While client-side validation can provide immediate feedback to users and help improve user experience in web applications, it is not sufficient on its own for ensuring security and data integrity.
  5. The express-validator package simplifies server-side validation in Node.js applications by providing a comprehensive set of validation functions, error handling, sanitization, and customization capabilities. It integrates seamlessly with Express middleware and allows you to create robust and secure validation logic for your application with ease.

@saidbaradai

  1. Server-side validation is a process that checks the validity of user input on the server.
  2. With validation we force the user to input valid data, and prevent him from inputting a string instead of a number, for example.
  3. Client-side validation checks the validity of the user input on the client side without communicating with the server (email typography validation, for example).
  4. With server-side validation we write the validation rules in one place for all the clients (web browser, mobile).
  5. We don't know :)

@MuhammedHasan
