Secure Coding mailing list archives
A Modular Approach to Data Validation in Web Applications
From: stephen at corsaire.com (Stephen de Vries)
Date: Mon, 27 Mar 2006 17:43:33 +0700
A Corsaire White Paper: A Modular Approach to Data Validation in Web Applications Outline: Data that is not validated or poorly validated is the root cause of a number of serious security vulnerabilities affecting applications. This paper presents a modular approach to performing thorough data validation in modern web applications so that the benefits of modular component based design; extensibility, portability and re-use, can be realised. It starts with an explanation of the vulnerabilities introduced through poor validation and then goes on to discuss the merits and drawbacks of a number of common data validation strategies such as: - Validation in an external Web Application Firewall; - Validation performed in the web tier (e.g. Struts); and - Validation performed in the domain model. Finally, a modular approach is introduced together with practical examples of how to implement such a scheme in a web application. Download: http://www.corsaire.com/white-papers/060116-a-modular-approach-to- data-validation.pdf
Current thread:
- A Modular Approach to Data Validation in Web Applications Stephen de Vries (Mar 27)