Data validation and verification

Information security
Spring- 2020
 Difference between Data Validation and Data Verification

• Data plays a very vital role in software development

and testing. The data should be accurate to yield the
desired result. Hence the data should be checked
thoroughly to ensure accuracy. Presently, data is
checked in two stages and they are data validation
and data verification.
• Important decisions are made on the analysis of a set
of data, inaccurate data will certainly lead to wrong
decisions. Hence, data validation and 
data verification are very significant.
 What is Data Validation

• Data validation is the process of comparing data with

a set of rules to find out if data is reasonable.
• Validation is about checking the input data to ensure it
conforms with the data requirements of the system to
avoid data errors.
•  Data validation rules are used in data validation
processes to ensure the validity.
• The term validity of data mostly denotes the
meaningfulness , correctness and modernity of the
data.
 Data Validation 
• The validity of the input data should be ensured to
maintain system security.
• Besides, data validation rules, data integrity rules are
also used in data validation, especially for business
related applications. In this case, the rules should be
implemented at the beginning of the process or the
wrong validated data may give a negative impact.
• An example of this is a range check to avoid an input
number that is greater/smaller than the specified
range.
 Data Validation types
• There are many types of data validation such as:
-Format check: Checks data is in the right format,
e.g. date in the format dd/mm/yyyy.
-Presence check: Checks that data has been entered
into a field.
-Range check: Checks that a value falls within the
specified range, e.g. grades can only range between
A and E.
-Type check: Ensures the correct data type has been
entered, e.g. age should be a number.
•  For example, when you validate a telephone
number, you can validate the input data,
telephone numbers by ensuring that it
contains a just a specific number digits and in
some case + or – signs.
• Or Checking the input to ensure that they are
made up of “Valid” characters.
 What is Data Verification

• Data verification is the process of checking that the

data entered exactly matches the original source to
find out if data is accurate.
• Data verification is a way of ensuring the user types in
what he or she intends, in other words, to make sure
the user does not make a mistake when inputting data.
• Data verification is very important as it ensures that
the copy is exactly the same as the original. Hence you
can be confident in using the copy, even when you lose
the original data.
 Data Verification methods

• Data verification methods include:

-Double entry - entering data twice
-Proofreading data - someone checks the data
entered against the original document
-Echo - system repeats the data being entered
 Data verification
• An example of this includes double entry of data (such
as when creating a password or email) to prevent
incorrect data input.

• In total, Data Validation is done on the original

document whereas data verification is done on
copies. This is the major difference between data
validation and data verification.
 How Validation is Done

• The mechanical details of validating data are:

1-Determining what data to validate. Not all
data needs to be validated in all ways, but at a
minimum each data element should be
checked for conformance to the target data
type and domain values/ranges, as necessary.
• Each data value for any item entered from the
key board must be validated.
2-Determining when to validate data. Validation
checks are usually applied when data moves
from one data structure to another, or entered
from the key board.
3- Determining what to do with data that fails
validation.  Once the failed data is identified,
decisions must be made on where to store the
data, who to notify in case of failure, and how
the data will be corrected and resubmitted
into the data acquisition process.
All of these decisions are often treated by the
development team.
 What is form validation?

• Go to any popular site with a registration form, and you will notice
that they give you feedback when you don't enter your data in the
format they are expecting. You'll get messages like:
• "This field is required" (you can't leave this field blank)
• "Please enter your phone number in the format xxx-xxxx" (it wants
three numbers followed by a dash, followed by four numbers)
• "Please enter a valid e-mail address" (the thing you've entered
doesn't look like a valid e-mail address)
• "Your password needs to be between 8 and 30 characters long,
and contain one uppercase letter, one symbol, and a number"
(seriously?)
• This is called form validation — when you
enter data, the web application checks it to
see if it is correct. If correct, the
application allows the data to be submitted to
the server and (usually) saved in a database; if
not, it gives you error messages to explain
what you've done wrong (provided you've
done it right).
• We want to make filling out web forms as painless
as possible, so why do we need to validate values
entered into forms before storing forms data into a
database? There are three main reasons:
• We want to get the right data, in the right
format — our applications won't work properly if
our user's data is stored in any old format they like,
or if they don't enter the correct information in the
correct places.
• We want to protect our users — if they
entered really easy passwords, or no password
at all, then malicious users could easily get
into their accounts and steal their data.
• We want to protect ourselves — there are
many ways that malicious users can misuse
unprotected forms to damage the application
they are part of.