Secure Coding mailing list archives
Some Interesting Topics arising from the SANS/CWE Top 25
From: yo at secappdev.org (Johan Peeters)
Date: Wed, 14 Jan 2009 21:16:50 +0100
What is a business rule? Something like "If the customer has changed the shipment address from a previous order, we must re-request his or her credit card details"? How would you implement *that* using input validation?
The example I often use is 'equity can only be used as debt collateral, if it has a rating' :-) Before setting to work on your example, Florian, I would rephrase it as 'the date of entry of the shipment address must not be after the date of entry of credit card details'. I would then consider this an input validation problem. kr, Yo -- Johan Peeters http://johanpeeters.com
Current thread:
- Some Interesting Topics arising from the SANS/CWE Top 25 Steven M. Christey (Jan 12)
- Some Interesting Topics arising from the SANS/CWE Top 25 Greg Beeley (Jan 13)
- Some Interesting Topics arising from the SANS/CWE Top 25 Johan Peeters (Jan 13)
- Some Interesting Topics arising from the SANS/CWE Top 25 Florian Weimer (Jan 14)
- Some Interesting Topics arising from the SANS/CWE Top 25 Johan Peeters (Jan 14)
- Some Interesting Topics arising from the SANS/CWE Top 25 Johan Peeters (Jan 13)
- Some Interesting Topics arising from the SANS/CWE Top 25 Steven M. Christey (Jan 14)
- Some Interesting Topics arising from the SANS/CWE Top 25 Ivan Ristic (Jan 14)
- Some Interesting Topics arising from the SANS/CWE Top 25 Jim Manico (Jan 14)
- Some Interesting Topics arising from the SANS/CWE Top 25 Brian Chess (Jan 14)
- Some Interesting Topics arising from the SANS/CWE Top 25 Ivan Ristic (Jan 15)
- Some Interesting Topics arising from the SANS/CWE Top 25 Greg Beeley (Jan 13)
- Some Interesting Topics arising from the SANS/CWE Top 25 Joe Teff (Jan 15)